Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-0919

Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.

Published

2010-03-03T19:30:00.743

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.6 (HIGH)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

4.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	domino_web_access	6.5	Yes
Application	ibm	domino_web_access	7.0	Yes
Application	ibm	domino_web_access	7.0.1	Yes
Application	ibm	domino_web_access	7.0.2	Yes
Application	ibm	domino_web_access	7.0.3	Yes
Application	ibm	domino_web_access	8.0	Yes
Application	ibm	domino_web_access	8.0.2	Yes
Application	ibm	lotus_inotes	≤ 229.271	Yes
Application	ibm	lotus_inotes	229.011	Yes
Application	ibm	lotus_inotes	229.021	Yes
Application	ibm	lotus_inotes	229.031	Yes
Application	ibm	lotus_inotes	229.041	Yes
Application	ibm	lotus_inotes	229.051	Yes
Application	ibm	lotus_inotes	229.061	Yes
Application	ibm	lotus_inotes	229.101	Yes
Application	ibm	lotus_inotes	229.111	Yes
Application	ibm	lotus_inotes	229.131	Yes
Application	ibm	lotus_inotes	229.141	Yes
Application	ibm	lotus_inotes	229.151	Yes
Application	ibm	lotus_inotes	229.161	Yes
Application	ibm	lotus_inotes	229.171	Yes
Application	ibm	lotus_inotes	229.181	Yes
Application	ibm	lotus_inotes	229.191	Yes
Application	ibm	lotus_inotes	229.201	Yes
Application	ibm	lotus_inotes	229.211	Yes
Application	ibm	lotus_inotes	229.221	Yes
Application	ibm	lotus_inotes	229.231	Yes
Application	ibm	lotus_inotes	229.241	Yes
Application	ibm	lotus_inotes	229.251	Yes
Application	ibm	lotus_inotes	229.261	Yes
Application	ibm	lotus_domino	8.0.2.4	No

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857 ([email protected])
http://secunia.com/advisories/38681 Vendor Advisory ([email protected])
http://secunia.com/advisories/38744 Vendor Advisory ([email protected])
http://secunia.com/advisories/38755 Vendor Advisory ([email protected])
http://securitytracker.com/id?1023662 ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21421808 Vendor Advisory ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg27018109 Vendor Advisory ([email protected])
http://www.osvdb.org/62612 ([email protected])
http://www.securityfocus.com/bid/38457 ([email protected])
http://www.securityfocus.com/bid/38459 ([email protected])
http://www.vupen.com/english/advisories/2010/0495 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/0496 Patch, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/56555 ([email protected])
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38681 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38744 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38755 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1023662 (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21421808 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg27018109 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/62612 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/38457 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/38459 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0495 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0496 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56555 (af854a3a-2127-422b-91ae-364da2661108)