IBM Lotus Notes / Domino Client Memory Mapped Files Privilege Escalation

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by an
unauthorized access vulnerability.

Description :

The version of Lotus Notes installed on the remote Windows host fails
to adequately protect certain memory mapped files used by the
application for inter-process communications. In a shared user
environment, a local user may be able to leverage this issue to read
from these files, leading to information disclosure, or write to them,
possibly injecting active content such as LotusScript.

See also :

http://www.securityfocus.com/archive/1/482694/30/0/threaded
http://www-1.ibm.com/support/docview.wss?uid=swg21257030

Solution :

Upgrade as necessary to Lotus Notes Client version 6.5.6 / 7.0.3 / 8.0
or later and then edit the 'notes.ini' configuration file as described
in the vendor advisory above.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 4.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 27574

Bugtraq ID: 26146

CVE ID: CVE-2007-5544
