Ollie Whitehouse of Symantec reported a buffer overflow condition in the NOTES.INI on the Lotus Notes client, which if exploited could cause the client to crash. This vulnerability cannot be remotely exploited by an attacker; local access to the NOTES.INI file is required.
This problem has not been demonstrated to result in execution of malicious code.
This issue was reported to Quality Engineering and has been addressed in Domino 6.5.4 and 6.0.5. Customers should upgrade to address this potential vulnerability.
Excerpt from the Lotus Notes and Domino Release 6.5.4/6.0.5 MR fix list (available at http://www.ibm.com/developerworks/lotus):
- SPR# KSPR68USBE - Fixed a potential Denial of Service attack.