

Is Lotus Notes affected by the Windows Meta File vulnerability reported in Microsoft Security Advisory # 912840?

 Technote (FAQ)
 
 
Question
Is Lotus Notes affected by the Windows Meta File vulnerability reported in Microsoft Security Advisory # 912840 (Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution)?

Microsoft Security Advisory 912840:
http://www.microsoft.com/technet/security/advisory/912840.mspx

CERT:
http://www.kb.cert.org/vuls/id/181038

NIST:
http://www.nist.org/nist_plugins/content/content.php?content.25

Other advisories have been published containing similar information.

 
Answer
Lotus Notes displays images in a number of ways. In some of these cases, Notes will use the program associated with the file type to display the file. In the case of Windows Meta Files (WMF), it uses the Windows Picture and Fax Viewer (shimgvw.dll).

Lotus Notes accesses shimgvw.dll under the following circumstances:

  • When opening (launching) an image file attachment
  • When double-clicking on (activating) an OLE object that uses the image viewer control
  • When the form is set to auto-launch the first OLE object and the object uses the image control. In received emails, the user has to say "Yes" to launch it before Notes will activate the object
  • When creating an OLE object that uses the image control
  • When browsing for a file in a folder (which is set to display thumbnails) that contains any image file

Customers should follow the recommendations and advice from Microsoft documented in

Lotus Notes does not access shimgvw.dll under the following circumstances:

  • When opening, previewing or reading an email with images in it
  • When opening, previewing or reading an email that has an OLE object that uses the image control. (Notes displays the image of the object but does not run the object unless the user takes action to activate it.)
  • When using the native Notes browser/HTML rendering engine
  • When browsing for a file in a folder that does not have image files

The image viewers used by Notes in these cases are not vulnerable to the Windows Meta File vulnerability reported in MS Security Advisory #912840.
 
 
 

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.


Document information

Product categories: Software, Messaging Applications, Advanced Messaging, Lotus Notes
Operating system(s): Windows
Software version: 6.0, 6.5, 7.0
Reference #: 1227004
IBM Group: Software Group
Modified date: 2006-01-06
