Researchers at Core Security Technologies discovered a rare bug in IBM’s Lotus Notes software that allows attackers to run malicious software on users’ PCs.

An excerpt from PC World:

The flaw lies in the Autonomy KeyView software used by Lotus Notes to process Lotus 1-2-3 files. Core’s researchers found that when they opened a specially crafted Lotus 1-2-3 e-mail attachment in Lotus Notes, they could run unauthorized software on the PC.

Although details of the flaw have not been published, and it has not been picked up by online criminals, it would not be hard for a determined attacker to write code that exploited the flaw, said Ivan Arce, chief technology officer with Core.

The flaw is caused by buffer overflows in the file viewer module, which lead to execution of injected code. The bug affects several versions of Lotus Notes, including 7.x and 8.x.

IBM has published workarounds for the vulnerability on its site.

More information:

Core Security Technologies Discovers Vulnerability in IBM’s Lotus Notes