Bug and Patch in the Same Day for Lotus Notes
Category Security
ComputerWorld, PC World and other publications have reported a "critical" bug discovered in Lotus Notes by Core Security Technologies, apparently affecting all releases since R5. The bug relies on a technique known as file parsing, and works by exploiting a weakness in the Autonomy KeyView software when it is used for viewing Lotus 1-2-3 attachments.
The flaw probably affects other products, according to security experts, because KeyView -- which can be used to view and print files in about 300 file formats -- is used in many different programs. More than 300 companies, including Symantec and Oracle, have licensed the KeyView software.
What isn't posted in the article is that anyone can go to http://www.Lotus.com/security to find the latest security concerns for Lotus. There is already a posting on this exploit (dated 11/27) which explains that IBM/Lotus has a patch available.
What do you think the odds are for the other 300 companies having their patches ready?


Comments
Posted by Jack Dausman At 11:49:19 PM On 11/29/2007 | - Website - |
Posted by Charles Robinson At 09:03:10 PM On 11/29/2007 | - Website - |