In order for an attacker to successfully exploit this vulnerability in previous releases, the following must be accomplished:
(3) Attacker must attach the Java applet to an email and send the mail message to a user.
(4) User must open the message.
Jouko Pynnonen's original advisory is available at the following link:
The related Sun advisory is available at the following link:
The Java Virtual Machine (JVM) fix for the vulnerability reported as Sun Alert # 57591/101523 has been incorporated into Notes release 7.0.2. Notes release 8.0 is not affected by this vulnerability.
To manage the User Preferences for all users:
Administrators can centrally manage the User Preferences by using a Desktop Policy.
1. Open the Domino Directory and go to the Policy section.
2. Choose the Desktop Policy and navigate to the "Preferences" tab.
3. Select the "Miscellaneous" tab.
To learn more about the Desktop Policy and how to manage it, refer to the Domino Administrator Help.
To change the User Preferences for a single user:
1. From the Lotus Notes menu, select File -> Preferences -> User Preferences.
2. Select the Basics tab, and navigate to the Additional Options section.
Security Rating using Common Vulnerability Scoring System (CVSS) v2

| Metric | Score |
| --- | --- |
| CVSS Base Score | 5.8 |
| Impact Subscore | 4.9 |
| Exploitability Subscore | 8.6 |
| CVSS Temporal Score | 4.5 |
| CVSS Environmental Score | Undefined* |
| Overall CVSS Score | 4.5 |

*The CVSS Environmental Score is customer environment-specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.