CVE-2017-1274

HIGH EXPLOITED IN THE WILD

IBM Domino 8.5-9.0 - Authenticated Stack-Based Buffer Overflow via IMAP Mailbox Name

Title source: llm

Exploitation Summary

CVE-2017-1274 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including Charles Truscott.

AI-analyzed exploit summary This exploit targets a buffer overflow in Lotus Domino IMAP server (CVE-2017-1274) with a ROP chain to bypass DEP/ASLR and execute arbitrary code. The payload includes a placeholder for an alphanumeric shellcode (e.g., msfvenom) and triggers via the EXAMINE command after authentication.

Description

IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.

Exploits (1)

exploitdb WORKING POC

by Charles Truscott · pythonremotewindows

https://www.exploit-db.com/exploits/46808

View Code ZIP pw:eip

This exploit targets a buffer overflow in Lotus Domino IMAP server (CVE-2017-1274) with a ROP chain to bypass DEP/ASLR and execute arbitrary code. The payload includes a placeholder for an alphanumeric shellcode (e.g., msfvenom) and triggers via the EXAMINE command after authentication.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: IBM Lotus Domino 8.5.3 FP0

Auth required

Prerequisites: Network access to target IMAP server (port 143) · Valid credentials for authentication · Alphanumeric shellcode payload

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Vendor Advisory x_refsource_confirm

http://www.ibm.com/support/docview.wss?uid=swg22002280

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97910

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/98019

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038358

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/152786/Lotus-Domino-8.5.3-EXAMINE-Stack-Buffer-Overflow.html

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

https://www.kb.cert.org/vuls/id/676632

Scores

CVSS v3 8.8

EPSS 0.0674

EPSS Percentile 93.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2017-03-20

InTheWild.io 2017-03-20

CWE

CWE-119

Status published

Products (6)

ibm/domino 8.5.3

ibm/domino 8.5.3.6

ibm/domino 9.0.0.0

ibm/domino 9.0.1

ibm/domino 9.0.1.8

IBM/Domino 8.5.3.5, 8.5.3.6, 9.0.1, 8.5, 9.0, 8.5.1, 8.5.2, 8.5.3, 9.0.1.1, 8.0.2, 8.0, 8.0.1, 8.5.1.5, 8.5.2.4

Published Apr 25, 2017

Tracked Since Feb 18, 2026