Lotus Domino iNotes Attached File XSS

2006-02-10T07:02:51
ID OSVDB:23077
Type osvdb
Reporter Tan Chew Keong(vuln@secunia.com), Jakob Balle(jb@secunia.com)
Modified 2006-02-10T07:02:51

Description

Vulnerability Description

Lotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate HTML attachments of emails upon displaying them to the user. In addition, Lotus Notes fails to properly sanitise the attachment's file name before displaying it to the user. Both these issues could allow an attacker to create a specially crafted HTML file or a specially crafted file name that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 6.5.5, 7.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Lotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate HTML attachments of emails upon displaying them to the user. In addition, Lotus Notes fails to properly sanitise the attachment's file name before displaying it to the user. Both these issues could allow an attacker to create a specially crafted HTML file or a specially crafted file name that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1015610 Secunia Advisory ID:16340 Related OSVDB ID: 23078 Related OSVDB ID: 23079 Other Advisory URL: http://secunia.com/secunia_research/2005-38/advisory/ Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0183.html ISS X-Force ID: 24611 FrSIRT Advisory: ADV-2006-0499 CVE-2006-0662 CVE-2006-0663 Bugtraq ID: 16577