CERT-In Advisory
CIAD-2004-0014
Lotus Domino/Notes Cross-Site Scripting and Arbitrary Code Execution vulnerability
Original Issue Date: June 25, 2004
Severity Rating: Medium
Systems Affected
- Lotus Domino R6
- Lotus Notes R6.x
- Lotus Notes R6.x Client
Overview
Two vulnerabilities have been reported in Lotus Domino/Notes, a cross-site scripting vulnerability and the Lotus Notes URL Handler Argument Injection Vulnerability, which can be used to compromise a vulnerable system.
Description
The two vulnerabilities which have been reported in Lotus Notes and Lotus Domino are:
Cross-site Scripting Vulnerability
Cross-site scripting (XSS) occurs when an attacker introduces malicious scripts into a dynamic form, allowing the attacker to capture private session information.
Lotus Notes URL Handler Argument Injection Vulnerability
Remote exploitation of a parameter filtering vulnerability in the Lotus Notes application allows remote attackers to execute arbitrary code. An attacker can force a user to start Lotus Notes with a custom notes.ini file that is under the attacker's control and specifies a custom data directory that is also under the attacker's control. The attacker can create a malicious DLL containing arbitrary code that will be loaded and executed when notes.exe starts up.
Successful exploitation allows remote attackers to execute arbitrary code under the privileges of the user that invoked the "notes:" URL handler with an affected version of Lotus Notes. The malicious URL can be transmitted to a target via e-mail or web and can also be embedded within an HTML IMG tag.
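Added example (not part of the original advisory or of any vendor code): a Python check that a mail or web gateway could run over HTML content to find "notes:" URLs, separating those that load automatically, as in an IMG tag, from those that need a click. The sample HTML, the host names and the "mentions notes.ini" heuristic are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# (tag, attribute) pairs fetched on render, with no user interaction.
AUTO_LOAD = {("img", "src"), ("iframe", "src"), ("frame", "src"),
             ("embed", "src"), ("body", "background")}
URL_ATTRS = {"src", "href", "background", "action"}


class NotesUrlFinder(HTMLParser):
    """Collects every notes: URL found in URL-bearing attributes."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            # URL parsers drop tabs/newlines and ignore scheme case.
            url = re.sub(r"[\t\r\n]", "", value).strip()
            if not url.lower().startswith("notes:"):
                continue
            self.findings.append({
                "tag": tag,
                "attr": name,
                "url": url,
                # True when the handler is invoked as soon as the page renders.
                "auto_load": (tag, name) in AUTO_LOAD,
                # Heuristic (assumption): the advisory's attack supplies a
                # custom notes.ini, so a URL naming that file is suspicious.
                "mentions_ini": "notes.ini" in unquote(url).lower(),
            })


def scan_html(html):
    """Return a list of findings for every notes: URL in the markup."""
    finder = NotesUrlFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample input; host.example is a placeholder.
SAMPLE = """
<img src=" NoTeS://host.example/placeholder">
<a href="notes://host.example/mail.nsf">open</a>
<img src="https://host.example/logo.png">
<a href="notes://host.example/?p=NOTES%2EINI">x</a>
"""
```

Findings with auto_load set deserve the highest priority, since they invoke the handler without the user clicking anything.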
Solution
These vulnerabilities have been resolved in versions 6.0.4 and 6.5.2.
Workaround
The Lotus Notes URL Handler Argument Injection Vulnerability can be prevented if the use of Internet shares is restricted via firewall configuration or registry settings. The attack will also fail if the Notes client is already running on the user's workstation.
Vendor Information
IBM - Cross-site Scripting Vulnerability Addressed in 6.0.4 and 6.5.2:
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21171253
IBM - Lotus Notes URL Handler Argument Injection Vulnerability:
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21169510
References
iDEFENSE
http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities
Secunia Advisory SA11923
http://secunia.com/advisories/11925/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-2436857
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India