IBM Notes contains a vulnerability when parsing maliciously crafted PNG images, which may be embedded within an email message. No user interaction is required to exploit this vulnerability, other than viewing an email that contains a malicious PNG. Successful exploitation may allow a remote attacker to execute arbitrary code within the security context of the currently logged-on user.
IBM Notes (formerly IBM Lotus Notes) for UNIX/Linux:
Remote Code Execution
Exploitation of this vulnerability is possible by convincing users to open an email containing a maliciously crafted PNG. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged-on user.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
- 19074 - IBM Notes PNG Integer Overflow (20130506) - UNIX/Linux
- IBM Security Advisory
- IBM Fix Pack 5 Information
- IBM Notes 9.0.1 Fix List (SPR #NPEI96K82Q, PNG vulnerability)