PT-2001-1156 · IBM · Lotus Notes Client
Published: 2001-01-09 · Updated: 2024-02-14 · CVE-2000-1117
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Lotus Notes Client R5
Description
The issue concerns the Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in the affected software. It allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
Recommendations
For Lotus Notes Client R5, consider restricting access to the getSystemResource method until a fix is available. As a temporary workaround, disabling the ECL feature may help minimize the risk of exploitation.
Exploit
Fix
Side Channel Attack
Weakness Enumeration
Related Identifiers
Affected Products
Lotus Notes Client