Lotus Software Information for VU#980499

Certain MIME types can cause Internet Explorer to execute arbitrary code when rendering HTML

Status

Affected

Vendor Statement

Notes doesn't use IE to display HTML formatted email.

If a user's browser preferences specify Notes with Internet Explorer, then
the version of Internet Explorer that is installed on the user's
workstation is used for browsing.  It is launched as an ActiveX component
within Notes, but Notes does not ship any IE code.  If Internet Explorer is
chosen as the user's preferred browser, then Notes launches Internet
Explorer in a separate window and opens the link.  The Notes client does
not need to be upgraded but the user must upgrade their version of Internet
Explorer to prevent against this vulnerability, which they should do
anyway.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional information at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.