
Java Applets May Fully Compromise Notes Users

Bianca STANESCU

May 02, 2013


Java applets sent by cyber-criminals in HTML e-mails may fully compromise Notes users with just one click, according to an IBM security advisory. The vulnerabilities affect Notes 8.0.x, 8.5.x, and the new Notes 9 versions, but the company promises to fix the problems soon.

“This would allow attackers to compromise users reading/previewing an email” through “arbitrary code executions,” IBM says.

Full Disclosure researchers also said this can be used to load arbitrary Java applets from remote sources, for information disclosure. The attack may also be used to trigger an HTTP request once the mail is previewed or opened.

“Combined with known Java sandbox escape vulnerabilities, it can be used to fully compromise the user reading the email,” researchers said.

Users can work around the issues by disabling Java applets, Java access from JavaScript, and JavaScript in their Notes preferences. They can also set the “EnableJavaApplets”, “EnableLiveConnect”, and “EnableJavaScript” options to “0” in the notes.ini file.
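The notes.ini workaround above can be checked across workstations with a short audit script. This is an added example, not code from IBM or the original article; the sample file contents are constructed, and matching keys case-insensitively and treating a missing key or any non-"0" value as "not disabled" are conservative assumptions.

```python
# Added example: audit a notes.ini for the three workaround settings.
WORKAROUND_KEYS = ("EnableJavaApplets", "EnableLiveConnect", "EnableJavaScript")


def audit_notes_ini(text):
    """Return {key: 'disabled' | 'enabled' | 'unset'} for each workaround key."""
    seen = {k.lower(): [] for k in WORKAROUND_KEYS}
    for raw in text.splitlines():
        name, sep, value = raw.strip().partition("=")
        if not sep:
            continue  # section header, blank line or other non key=value line
        key = name.strip().lower()  # assumption: key names are case-insensitive
        if key in seen:
            seen[key].append(value.strip())
    result = {}
    for k in WORKAROUND_KEYS:
        values = seen[k.lower()]
        if not values:
            result[k] = "unset"      # never set explicitly: workaround not applied
        elif all(v == "0" for v in values):
            result[k] = "disabled"   # every occurrence is 0
        else:
            result[k] = "enabled"    # at least one occurrence is not 0
    return result


def workaround_applied(text):
    """True only when all three options are explicitly set to 0."""
    return all(state == "disabled" for state in audit_notes_ini(text).values())


# Constructed sample: one option disabled, one enabled, and one that only
# appears on a line prefixed with ';', which does not count as set.
SAMPLE = """[Notes]
KitType=1
EnableJavaApplets=0
enableliveconnect = 1
; EnableJavaScript=0
"""

if __name__ == "__main__":
    for key, state in audit_notes_ini(SAMPLE).items():
        print(f"{key}: {state}")
    print("workaround applied:", workaround_applied(SAMPLE))
```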

The IBM Notes mail client accepts Java applet tags and JavaScript tags inside HTML emails, making it possible to load applets and scripts from a remote location.
