Buffer overflow in Ibm Domino_web_access

CVE-2010-0919

Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arb…

Vulnerability class: Buffer Overflow

EPSS: 0.168 (95.1th percentile) — read the EPSS interpretation.

Affected products

Ibm Domino_web_access — versions 7.0, 8.0.2, 8.0
Ibm Lotus_domino — versions 8.0.2.4
Ibm Lotus_inotes — versions 229.211, 229.231, 229.061
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

20100301 IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability (x_refsource_IDEFENSE, third-party-advisory)
38681 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
38744 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
38755 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
1023662 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
62612 (x_refsource_OSVDB, vdb-entry)
38457 (vdb-entry, x_refsource_BID)
38459 (vdb-entry, x_refsource_BID)