CVE-2007-1675

EXPLOITED

IBM Lotus Domino - Buffer Overflow

Title source: rule

Description

Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username.

Exploits (3)

exploitdb WORKING POC VERIFIED

by dmc & prdelka · pythonremotewindows

https://www.exploit-db.com/exploits/4207

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by muts · pythonremotewindows

https://www.exploit-db.com/exploits/3616

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Winny Thomas · pythondoswindows

https://www.exploit-db.com/exploits/3602

View Code ZIP pw:eip

References (8)

[Vendor Advisory] http://secunia.com/advisories/24633

[Patch] http://www-1.ibm.com/support/docview.wss?uid=swg21257028

[Patch] http://www.securityfocus.com/bid/23173

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-07-011.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33276

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23172

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1017823

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1133

Scores

EPSS 0.7698

EPSS Percentile 99.0%

Details

VulnCheck KEV 2017-06-20

Status published

Products (9)

ibm/lotus_domino 6.5.0

ibm/lotus_domino 6.5.1

ibm/lotus_domino 6.5.2

ibm/lotus_domino 6.5.3

ibm/lotus_domino 6.5.4 (3 CPE variants)

ibm/lotus_domino 6.5.5 (3 CPE variants)

ibm/lotus_domino 7.0

ibm/lotus_domino 7.0.1

ibm/lotus_domino 7.0.2

Published Mar 28, 2007

Tracked Since Feb 18, 2026