IBM Lotus Notes / Domino Client Memory Mapped Files Privilege Escalation
Medium Nessus Plugin ID 27574
SynopsisThe remote Windows host has an application that is affected by an unauthorized access vulnerability.
DescriptionThe version of Lotus Notes installed on the remote Windows host fails to adequately protect certain memory mapped files used by the application for inter-process communications. In a shared user environment, a local user may be able to leverage this issue to read from these files, leading to information disclosure, or write to them, possibly injecting active content such as Lotus Script.
SolutionUpgrade as necessary to Lotus Notes Client version 6.5.6 / 7.0.3 / 8.0 or later and then edit the 'notes.ini' configuration file as described in the vendor advisory above.