How to remotely crash Lotus Notes

Here is a fun little vulnerability that lets you remotely crash Lotus Notes on demand.

  1. Set your Sametime status to a REALLY, REALLY long value without any white space in it (this should work).
  2. Message the person whose Lotus Notes instance you would like to crash
  3. DONE!

Now this does not really crash Lotus Notes, rather it puts Lotus Notes in an infinite loop making it unusable until it is restarted.  My present theory is that Lotus Notes is trying to figure out how to word wrap the super long status and is looking to replace space characters with newline character.  As it can’t find any spaces to replace it just keeps trying forever.  (But this is only my theory.)

Previous Post