CVE-2004-0480

Name of the Vulnerable Software and Affected Versions IBM Lotus Notes versions 6.0.3 through 6.5

Description The issue allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe. This is related to an argument injection vulnerability.

Recommendations For versions 6.0.3 through 6.5, consider restricting access to UNC network share pathnames in notes: URIs to minimize the risk of exploitation. As a temporary workaround, avoid using notes: URIs with UNC network share pathnames until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.