Ollie Whitehouse from Symantec contacted IBM® Lotus® to report a vulnerability in how memory mapped files are used with Lotus Notes® and Domino® on the Microsoft Windows platform in shared user environments, for example, using Citrix.
The advisory can be accessed at the following link: http://www.symantec.com/research
By default, "Everyone" on the Windows system has access to shared memory created by Notes and Domino processes. This may pose a security risk in shared Notes user environments, such as when running multiple Notes clients on a Citrix server. The Domino server also uses shared memory, but as Domino servers are generally well protected, this may pose less of a risk.
To successfully exploit this vulnerability, an attacker must have local access to the system and must execute a malicious program.