Highly popular enterprise email and workgroup solution IBM Notes/Domino has a huge security vulnerability that allows for installation of spyware on a client system by doing as little as opening an email. The culprit behind the vulnerability is Java again – automatic execution of JavaScript code to be more specific. As seen in the case of web pages over the last few months automatic JavaScript execution leads to compromise of systems, users who have email clients installed on systems that allow for automatic execution too are vulnerable. This is the reason almost all email clients out there have turned off JavaScript and Java when displaying an HTML email – except for IBM’s Notes. However, IBM has released advisory for this issue. <more>
Menu