If the "123" extension type (Lotus 1-2-3 spreadsheet format) is not being used, this might be valuable to add to the email attachment blocking list used by Lotus Notes shops. There are some workarounds for version 5 and 7. IBM may have a version 6 solution by the end of the month.
QUOTE: Sebastián Muñiz from the CORE IMPACT Exploit Writers Team (EWT) at Core Security Technologies contacted IBM® Lotus® to report a potential keyview buffer overflow vulnerability in Lotus Notes® when viewing a Lotus 1-2-3 (.123 extension) file attachment. In specific situations it was found that the possibility exists to execute arbitrary code.
To successfully exploit this vulnerability, an attacker would need to send a specially crafted Lotus 1-2-3 file attachment to users, and the users would then have to double-click and View the attachment.