CVE-2004-2280

IBM Lotus Notes <6.5.3, <6.0.5 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2280. PoCs published by Jouko Pynnonen.

AI-analyzed exploit summary: The exploit demonstrates three vulnerabilities in IBM Lotus Notes Java applets: information disclosure, arbitrary browser redirection, and a stack-based buffer overflow. The PoC includes code snippets for triggering these issues via malformed applet tags.

Description

Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jouko Pynnonen · text · dos · unix
https://www.exploit-db.com/exploits/24275


Classification: Working PoC (90%)
Attack Type: RCE | Info Leak | Other
Complexity: Trivial
Reliability: Reliable
Target: IBM Lotus Notes (versions affected by CVE-2004-2280)
No auth needed
Prerequisites: Victim must load a malicious webpage or HTML content with the embedded applet
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10704
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12046
Patch vdb-entry x_refsource_osvdb
http://www.osvdb.org/8418

Scores

EPSS 0.0894
EPSS Percentile 94.6%

Details

Status published
Products (10)
ibm/lotus_notes 6.0
ibm/lotus_notes 6.0.1
ibm/lotus_notes 6.0.2
ibm/lotus_notes 6.0.3
ibm/lotus_notes 6.0.4
ibm/lotus_notes 6.0.5
ibm/lotus_notes 6.5
ibm/lotus_notes 6.5.1
ibm/lotus_notes 6.5.2
ibm/lotus_notes 6.5.3
Published Dec 31, 2004
Tracked Since Feb 18, 2026