Contact us: +49 4307 900 407 or contact@assono.de

en · de

Next vulnerability: Sametime 3.1 - 7.0 this time

by Thomas,
assono GmbH, Standort Kiel,


There is another recently published vulnerability, IBM Lotus Sametime this time. Versions 3.1, 6.5.1 and 7.0 are affected, but not 7.5:

The affectect JNILoader ActiveX control
is not used in Sametime 7.5 anymore, thus this version is not affected.
A hotfix for Sametime 7.0 exists.


But the easiest workaround is not to
use Internet Explorer wink.gif


More details:

IBM Lotus Sametime JNILoader Vulnerability

iDefense contacted IBM® Lotus® to report a potential vulnerability with the JNILoader ActiveX control used by the IBM Lotus Sametime® Web Conferencing server.

The iDefense advisory can be accessed from the following link: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=495

The JNILoader ActiveX control was introduced in early versions of the Sametime web conferencing server in order to prevent crashes caused by the length of time it took to uninitialize the Sametime audio/video DLLs when closing the browser. The JNILoader control was scriptable to allow for DLL version changes between Sametime server releases. The primary function of this ActiveX control was to load/unload native Sametime DLLs, however, the control can be re-used on non-Sametime pages such that the scriptable "loadLibrary()" function has the potential to be exploited to load malicious code on the local workstation. This functionality was replaced in Sametime 7.5 with a 100% Java-based, and non-scriptable solution which could be used with all browsers. In controlled environments, there is no risk with Sametime servers. The risk is when the Sametime related ActiveX control is used on non-Sametime web pages.

Thomas Bahn

Thomas Bahn, Diplom-Mathematiker, IT-Spezialist & Speaker auf Fachkonferenzen

Thomas Bahn ist Mitgründer und Geschäftsführer der assono GmbH. Seit mehr als 20 Jahren berät er erfolgreich Unternehmen aus ganz Deutschland rund um das Thema Software und Digitalisierung. Insbesondere in den Bereichen HCL Notes und Domino (ehemals IBM) als auch bei aktuellen, unternehmensrelevanten KI-Themen wie Chatbots kennt er die neusten Entwicklungen und weiß, wie diese sich gewinnbringend für Unternehmen einsetzen lassen. Aufgrund seines Expertenwissens ist Thomas Bahn regelmäßiger Sprecher auf nationalen und internationalen Fachkonferenzen.

Technical article Sametime Security

You have questions about this article? Contact us: blog@assono.de

Sie wollen eine individuelle Beratung oder einen Workshop? Read more

More interesting entries

Any questions? Contact us.

If you want to know more about our offers, you can contact us at any time. There are several ways to contact us for a non-binding first consultation.

assono GmbH

Location Kiel (headquarters)
assono GmbH
Lise-Meitner-Straße 1–7
24223 Schwentinental

Location Hamburg
assono GmbH
Bornkampsweg 58
22761 Hamburg

Phone numbers:
Human resources department: +49 4307 900 407
Marketing department: +49 4307 900 411

E-Mail adresses:
contact@assono.de
bewerbung@assono.de

Consent for External Media

In order to provide you with the best possible information about our offerings and current topics such as artificial intelligence, we integrate external content (videos from Wistia) on our website. We also use Google Analytics and SalesViewer® to collect general statistics and improve our website. In the process, we establish a connection to the servers of the respective operators and may use cookies. See: assono.de/datenschutz