Applet Execution Flaw in IBM Lotus Notes
CVE-2013-0127

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes
Vendor: CVE Published:; 1 May 2013

Summary

An identified vulnerability in IBM Lotus Notes allows remote attackers to execute arbitrary Java code through crafted HTML emails. The software fails to block APPLET elements in emails, which undermines security measures and permits unauthorized execution of Java applets. This flaw poses a risk to users as it can allow remote messages to exploit the X-Confirm-Reading-To functionality and potentially compromise user systems.

References

http://seclists.org/fulldisclosure/2013/Apr/262

mailing-listx_refsource_FULLDISC

http://www.kb.cert.org/vuls/id/912420

third-party-advisoryx_refsource_CERT-VN

https://exchange.xforce.ibmcloud.com/vulnerabilities/83775

vdb-entryx_refsource_XF

Timeline

Vulnerability published
May 1, 2013
Vulnerability Reserved
Dec 6, 2012