⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2017-1274

CWE-119Buffer Overflow8 documents6 sources
Severity
8.8HIGH
EPSS
17.8%
top 4.88%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
IBM Domino
Timeline
PublishedApr 25
Latest updateMay 14

Description

IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/domino8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4, 9.0.1.2, 8.5.0.1, 9.0.1.3, 8.5.1.4, 9.0.1.4, 9.0.1.5, 8.5.1.1, 9.0.1.6, 9.0.1.7, 9.0.1.8
NVDibm/domino5 versions+4

🔴Vulnerability Details

3
GHSA
GHSA-wgq5-wwrv-g964: IBM Domino 82022-05-14
CVEList
CVE-2017-1274: IBM Domino 82017-04-25
VulnCheck
IBM domino Improper Restriction of Operations within the Bounds of a Memory Buffer2017

💥Exploits & PoCs

2
Exploit-DB
Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE)2019-05-08
Exploit-DB
Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table 'win32k!fsc_CalcGrayRow' (Denial of Service)2017-09-18

🕵️Threat Intelligence

2
Qualys
Shadow Brokers Fix for IBM Lotus Domino Released | Qualys2017-04-25
Qualys
Shadow Brokers Fix for IBM Lotus Domino Released2017-04-25
CVE-2017-1274 (HIGH CVSS 8.8) | IBM Domino 8.5.3 | cvebase.io