Jouko Pynnonen has reported to IBM Lotus three potential vulnerabilities in the handling of Java applets in the Lotus Notes 6.0x and 6.5x clients.
These issues have been reported to Quality Engineering as SPR#s: KSPR5YS6GR, KSPR62F4D3 and KSPR62F4KN. SPR# KSPR62F4KN has been addressed in 6.5.3 and 6.0.5. SPR# KSPR5YS6GR and SPR# KSPR62F4D3 have been addressed in 6.5.4 and 6.0.5.
For previous releases of Lotus Notes, Java applets can be disabled. To disable Java applets, select File -> Preferences -> User Preferences from the Notes client menu and uncheck the option for "Enable Java applets."
Excerpt from the Lotus Notes and Domino Release 6.0.5 / 6.5.3 / 6.5.4 MR fix lists (available at http://www.ibm.com/developerworks/lotus):
- SPR# KSPR62F4KN - Fixed a buffer overflow that caused Notes to crash.
- SPR# KSPR5YS6GR - Fixed a potential security issue.
- SPR# KSPR62F4D3 - Fixed a potential security issue.