PT-2006-4638 · IBM · IBM Lotus Notes

Published 2006-07-21 · Updated 2008-09-05 · CVE-2006-3778

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Lotus Notes versions 6.0 through 7.0

Description

The issue arises from improper handling of replies to e-mail messages with alternate name users. This occurs under two specific conditions: when the "Save As Draft" option is used or when a comma is present inside the phrase portion of an address. As a result, e-mails can be sent to users who were previously deleted from the To, CC, and BCC fields, potentially allowing remote attackers to obtain the list of original recipients.

Recommendations

For versions 6.0 through 7.0, consider disabling the "Save As Draft" option and avoid using commas within the phrase portion of addresses until a proper fix is applied. Restrict access to sensitive e-mail features to minimize the risk of exploitation.

Related identifiers

CVE-2006-3778

Affected products

IBM Lotus Notes