CVE-2010-0919

EPSS 21.28%
Published 03.03.2010 19:30:00
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.

Affected products Warnungen 0 Metrics 2 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Domino Web Access Version6.5

Ibm ≫ Domino Web Access Version7.0

Ibm ≫ Domino Web Access Version7.0.1

Ibm ≫ Domino Web Access Version7.0.2

Ibm ≫ Domino Web Access Version7.0.3

Ibm ≫ Domino Web Access Version8.0

Ibm ≫ Domino Web Access Version8.0.2

Ibm ≫ Lotus Inotes Version <= 229.271

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.011

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.021

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.031

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.041

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.051

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.061

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.101

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.111

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.131

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.141

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.151

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.161

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.171

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.181

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.191

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.201

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.211

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.221

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.231

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.241

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.251

Ibm ≫ Lotus Domino Version8.0.2.4

Ibm ≫ Lotus Inotes Version229.261

Ibm ≫ Lotus Domino Version8.0.2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	21.28%	0.951

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.6	4.9	10	AV:N/AC:H/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www-01.ibm.com/support/docview.wss?uid=swg27018109

Vendor Advisory

http://www.securityfocus.com/bid/38459

http://www.vupen.com/english/advisories/2010/0496

Patch

Vendor Advisory

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857

http://secunia.com/advisories/38681

Vendor Advisory

http://secunia.com/advisories/38744

Vendor Advisory

http://secunia.com/advisories/38755