Security Alert (A15-05-01): Multiple Vulnerabilities in IBM Notes, iNotes and Domino
12 May 2015
IBM has issued a security bulletin to address two image-parsing buffer overflow vulnerabilities in IBM Domino and one cross-site scripting vulnerability in the IBM Dojo Toolkit in IBM Notes, iNotes and Domino. A remote attacker could exploit these vulnerabilities by enticing a user to visit a specially crafted URL to execute scripts, or by sending a specially crafted bitmap (.BMP) image to the vulnerable Domino SMTP server.
IBM Notes and Domino 9.0.1 Fix Pack 3 (plus Interim Fixes) and earlier
IBM Notes and Domino 8.5.3 Fix Pack 6 (plus Interim Fixes) and earlier
All 9.0 and 8.5.x releases of IBM Domino prior to those listed above
Successful exploitation could lead to arbitrary code execution, retrieval of sensitive information and a system crash.
The vendor has released fixes to address these issues. They can be downloaded at the following URL:
Notes & Domino 9.0.1 Fix Pack 3 (Interim Fix 4 for Notes and Interim Fix 3 for Domino) http://www.ibm.com/support/docview.wss?uid=swg21657963