CVE-2013-2977

IBM Notes <9.0.1 - RCE

Title source: llm

Description

Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q.

Exploits (1)

nomisec WORKING POC

by defrancescojp · poc

https://github.com/defrancescojp/CVE-2013-2977

View Code ZIP pw:eip

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

http://www-01.ibm.com/support/docview.wss?uid=swg21635878

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/83967

Scores

EPSS 0.1614

EPSS Percentile 94.8%

Details

CWE

CWE-189

Status published

Products (20)

ibm/lotus_notes 8.5

ibm/lotus_notes 8.5.0.0

ibm/lotus_notes 8.5.0.1

ibm/lotus_notes 8.5.1

ibm/lotus_notes 8.5.1.0

ibm/lotus_notes 8.5.1.1

ibm/lotus_notes 8.5.1.2

ibm/lotus_notes 8.5.1.3

ibm/lotus_notes 8.5.1.4

ibm/lotus_notes 8.5.1.5

... and 10 more

Published May 10, 2013

Tracked Since Feb 18, 2026