IBM Notes Local Arbitrary Code Execution Vulnerability

Release date:
Updated on: 2013-06-17

Affected Systems:
IBM Lotus Notes 9.0
IBM Lotus Notes 8.5.x
IBM Lotus Notes 8.0.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 60554
CVE (CAN) ID: CVE-2013-0536
 
IBM Lotus Notes is a desktop client that provides users with single-point access, helping them create, query, and share knowledge, collaborate with teams, and take appropriate actions.
 
IBM Notes has a security vulnerability in the implementation of the Multi User Profile Cleanup service, which allows attackers to execute arbitrary code in the context of the next login User.
 
<* Source: Markus Pieton

Link: http://www-01.ibm.com/support/docview.wss? Uid = swg21633827
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
IBM
---
For this reason, IBM has released a Security Bulletin (21633827) and corresponding patches:
21633827: IBM Notes Multi User Profile Cleanup service enables an attacker to execute arbitrary code on the next logon of a user (CVE-2013-0536)
Link: http://www-01.ibm.com/support/docview.wss? Uid = swg21633827
 
Patch download: http://www.ibm.com/support/docview.wss? Uid = swg21640580
Http://www.ibm.com/support/docview.wss? Uid = swg21639571