CVE-2015-0179

IBM Domino 8.5.x-8.5.3 FP6 IF6 and 9.x-9.0.1 FP3 IF1 - Local Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-0179. PoCs published by ParagonSec.

AI-analyzed exploit summary The exploit describes a privilege escalation vulnerability in Lotus Notes Diagnostic Tool (nsd.exe) where an attacker can execute commands under the System context by leveraging the tool's monitor mode. The proof of concept involves running 'nsd.exe -monitor' followed by the 'LOAD CMD' command to spawn a System-level command prompt.

Description

Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.

Exploits (1)

exploitdb WRITEUP
by ParagonSec · textlocalwindows
https://www.exploit-db.com/exploits/42605

The exploit describes a privilege escalation vulnerability in Lotus Notes Diagnostic Tool (nsd.exe) where an attacker can execute commands under the System context by leveraging the tool's monitor mode. The proof of concept involves running 'nsd.exe -monitor' followed by the 'LOAD CMD' command to spawn a System-level command prompt.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: IBM Lotus Notes 8.5 & 9.0
Auth required
Prerequisites: Local access to the system · Ability to execute nsd.exe
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21700029
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032027
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42605/

Scores

EPSS 0.0112
EPSS Percentile 61.9%

Details

CWE
CWE-264
Status published
Products (5)
ibm/domino 8.5.0
ibm/domino 8.5.1
ibm/domino 8.5.2
ibm/domino 8.5.3
ibm/domino 9.0.1
Published Apr 06, 2015
Tracked Since Feb 18, 2026