VYPR
Unrated severity · NVD Advisory · Published Jul 21, 2001 · Updated Apr 16, 2026

CVE-2000-0891

Description

Default Execution Control List (ECL) in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands via a malicious email attachment.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The default Execution Control List (ECL) in Lotus Notes prior to version 5.02 grants all programs, regardless of authorship, full permissions, including access to the file system and the ability to execute external code [1]. This permissive configuration allows a malicious program attached to a Notes form (e.g., in an email) to run automatically when the form is opened, without any user prompt [1].

Exploitation

An attacker can craft an email containing a Notes form with a malicious program attached, triggered by an event such as PostOpen [1]. The attacker sends the email to a victim using Lotus Notes. When the victim opens the email, the program executes automatically because the default ECL grants all permissions to any program [1]. No additional user interaction is required beyond opening the email [1].

Impact

Successful exploitation allows the attacker to execute arbitrary commands on the victim's workstation with the privileges of the logged-in user [1]. This can lead to complete compromise of the system, including data theft, installation of malware, or further network propagation [1].

Mitigation

The vulnerability is fixed in Lotus Notes version 5.02 [1]. Users should upgrade to 5.02 or later. If upgrading is not possible, administrators should configure ECLs to restrict permissions appropriately, following guidance from IBM/Lotus [1]. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

References: 3