Six critical vulnerabilities have been found in IBM's
Lotus Notes that could allow attackers to take over corporate
systems.
Internet security researcher Secunia said the bugs were “highly
critical”, saying that some of the flaws could create buffer
overflows, allowing remote attackers to compromise corporate
systems.
Some of the other vulnerabilities can be exploited if users
simply view malicious e-mails, while others require users to open
attachments or extract compressed files attached to a message.
Several versions of Lotus Notes are at risk, including 7.0 and
6.5.4, admitted IBM. Updating Notes to 6.5.5 or 7.0.1 will solve
the problem, the company said.
“Users are strongly urged to use caution when opening or viewing
unsolicited file attachments,” said IBM.
The Lotus Notes platform was also affected by a number security
bugs last month. These allowed remote attackers to launch
denial-of-service attacks to crash corporate systems.
Lotus Notes competes against Microsoft’s Outlook e-mail
client.