Multiple vulnerabilities have been reported in IBM Lotus Notes, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information and by malicious people to bypass certain security mechanisms or compromise a user's system.

1) Errors within various third-party file viewers (mifsr.dll, awsr.dll, kpagrdr.dll, exesr.dll, rtfsr.dll, mwsr.dll, exesr.dll, wp6sr.dll, and lasr.dll) can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted attachment.

Successful exploitation may allow execution of arbitrary code.

2) A boundary error when parsing HTML messages in nnotes.dll can be exploited to cause a buffer overflow when a user acts upon a malicious HTML message (e.g. replying, forwarding, or copying it to the clipboard).

Successful exploitation may allow execution of arbitrary code.

3) An error in the ECL (Execution Control List) mechanism may result in attachments being executed automatically instead of displaying the Execution Security Alert when handling Notes database (.nsf) and Notes template (.ntf) attachments.

4) Insecure permissions on shared memory allows any local user to access memory containing other users' data.

5) An error in the Lotus Notes client when processing specially-crafted SMTP responses can be exploited to crash the client or execute arbitrary code.

Solution
Update to version 7.0.3 or 8.0.
Further details available to Secunia VIM customers

Provided and/or discovered by
The vendor credits:
1) ZDI and Tan Chew-Keong
2) UVInc, reported via iDefense Labs
3) Ed Schaller
4) Ollie Whitehouse, Symantec
5) Dan Ritter & the VCC

Changelog
Further details available to Secunia VIM customers

Original Advisory
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21271111
http://www-1.ibm.com/support/docview.wss?uid=swg21272836
http://www-1.ibm.com/support/docview.wss?uid=swg21272930
http://www-1.ibm.com/support/docview.wss?uid=swg21270884
http://www-1.ibm.com/support/docview.wss?uid=swg21257030
http://www-1.ibm.com/support/docview.wss?uid=swg21271957

Vuln.sg:
http://vuln.sg/lotusnotes702doc-en.html
http://vuln.sg/lotusnotes702sam-en.html
http://vuln.sg/lotusnotes702wpd-en.html
http://vuln.sg/lotusnotes702mif-en.html

Symantec:
http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=604

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-059.html

Alternate/detailed remediation
Further details available in Customer Area

Deep Links
Links available to Secunia VIM customers