CVE-2014-0892

IBM Notes and Domino 8.5.x-8.5.3 FP6 IF3 and 9.x-9.0.1 FP1 - Remote Code Execution via Missing NX Protection

Title source: llm
STIX 2.1

Description

IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W.

References (3)

Core 3
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/350089
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21670264
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/91286

Scores

EPSS 0.0411
EPSS Percentile 89.6%

Details

CWE
CWE-200
Status published
Products (45)
ibm/lotus_domino 8.5.0
ibm/lotus_domino 8.5.0.1
ibm/lotus_domino 8.5.1
ibm/lotus_domino 8.5.1.1
ibm/lotus_domino 8.5.1.2
ibm/lotus_domino 8.5.1.3
ibm/lotus_domino 8.5.1.4
ibm/lotus_domino 8.5.1.5
ibm/lotus_domino 8.5.2.0
ibm/lotus_domino 8.5.2.1
... and 35 more
Published Apr 23, 2014
Tracked Since Feb 18, 2026