IBM Support

Security Vulnerabilities Reported with Java Applets

Technote (FAQ)


Jouko Pynnonen has reported three potential vulnerabilities in the handling of Java applets in the Lotus Notes 6.0x and 6.5x clients to IBM Lotus.


These issues have been reported to Quality Engineering as SPR#s: KSPR5YS6GR, KSPR62F4D3 and KSPR62F4KN. SPR# KSPR62F4KN has been addressed in 6.5.3 and 6.0.5. SPR# KSPR5YS6GR and SPR# KSPR62F4D3 have been addressed in 6.5.4 and 6.0.5.

For previous releases of Lotus Notes, Java applets can be disabled. To disable Java applets, select File -> Preferences -> User Preferences from the Notes client menu and uncheck the option for "Enable Java applets."

Excerpt from the Lotus Notes and Domino Release 6.0.5 / 6.5.3 / 6.5.4 MR fix lists (available at

  • SPR# KSPR62F4KN - Fixed a buffer overflow that caused Notes crash.
  • SPR# KSPR5YS6GR - Fixed a potential security issue.
  • SPR# KSPR62F4D3 - Fixed a potential security issue.

Document information

More support for: Lotus End of Support Products
Lotus Notes

Software version: 6.0, 6.5

Operating system(s): Windows

Reference #: 1173910

Modified date: 09 March 2010

Translate this page: