Description
Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.
References (13)
Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56555
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/62612
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1023662
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21421808
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0496
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38459
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38755
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38744
Third Party Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg27018109
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38457
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38681
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0495
Scores
EPSS
0.0573
EPSS Percentile
92.2%
Details
CWE
CWE-119
Status
published
Products (30)
ibm/domino_web_access
6.5
ibm/domino_web_access
7.0
ibm/domino_web_access
7.0.1
ibm/domino_web_access
7.0.2
ibm/domino_web_access
7.0.3
ibm/domino_web_access
8.0
ibm/domino_web_access
8.0.2
ibm/lotus_inotes
229.011
ibm/lotus_inotes
229.021
ibm/lotus_inotes
229.031
... and 20 more
Published
Mar 03, 2010
Tracked Since
Feb 18, 2026