CVE-2003-0179 — Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Lotus Domino WEB Server

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

43.1%

top 2.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Lotus Domino WEB Server IBM Lotus Notes Client

Timeline

PublishedApr 2

Latest updateApr 29

Description

Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDibm/lotus_domino_web_server6.0

▶NVDibm/lotus_notes_client6.0

Patches

Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-m4q6-7mf8-cxrc: Buffer overflow in the COM Object Control Handler for Lotus Domino 6↗2022-04-29

▶

CVEList

CVE-2003-0179: Buffer overflow in the COM Object Control Handler for Lotus Domino 6↗2003-03-29

▶