The Lotus Notes mail client accepts applet tags inside HTML emails, making it possible to load Java applets from a remote location. Combined with known Java sandbox escape vulnerabilities, it can be used to fully compromise the user reading the email.
72507df8ce813a6baed8ae1404ff3467f4a3d09f17024073ea1c0b531c0f08c6