Multiple vulnerabilities have been identified in IBM Lotus Domino, which could be exploited by attackers to execute arbitrary commands or scripting code.
The first issue is due to an input validation error in the Active Content Filter feature when processing certain email messages, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected server.
The second vulnerability is due to a buffer overflow error in the CRAM-MD5 authentication mechanism within the IMAP service when processing an overly long username (more than 256 bytes), which could be exploited by remote unauthenticated attackers to crash or compromise an affected server.
The third issue is due to a heap overflow error in the LDAP service that fails to properly handle a DN (Distinguished Name) message with an overly long string (more than 65535 bytes), which could be exploited by by remote unauthenticated attackers to crash or compromise an affected server.
Affected Products
IBM Lotus Domino versions 6.x
IBM Lotus Domino versions 7.x
Solution
Upgrade to IBM Lotus Domino version 6.5.6 or 7.0.2 Fix Pack 1 (FP1) :
http://www14.software.ibm.com/webapp/download/support.jsp