// For flags

CVE-2011-0913

Lotus Domino Server diiop getEnvironmentString Remote Code Execution Vulnerability

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache.

Desbordamiento de búfer basado en pila en ndiiop.exe en la aplicación DIIOP en el servidor de IBM Lotus Domino v8.5.3 y anteriores, permite a atacantes remotos ejecutar código de su elección mediante una petición getEnvironmentString de GIOP, relacionado con la caché de varible local.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability.
The flaw exists within the ndiiop.exe component which listens by default on a dynamic TCP port. When handling a GIOP getEnvironmentString request the process blindly copies user supplied argument into an stack buffer while checking the local variable cache. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

*Credits: Intevydis, http://intevydis.com
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-02-07 CVE Published
  • 2011-02-08 CVE Reserved
  • 2024-07-06 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
<= 8.5.2.2
Search vendor "Ibm" for product "Lotus Domino" and version " <= 8.5.2.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
4.6.1
Search vendor "Ibm" for product "Lotus Domino" and version "4.6.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
4.6.3
Search vendor "Ibm" for product "Lotus Domino" and version "4.6.3"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
4.6.4
Search vendor "Ibm" for product "Lotus Domino" and version "4.6.4"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0
Search vendor "Ibm" for product "Lotus Domino" and version "5.0"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.1
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.2
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.3
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.3"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.4
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.4"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.4a
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.4a"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.5
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.5"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.6
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.6"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.6a
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.6a"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.7
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.7"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.7a
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.7a"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.8
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.8"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.8a
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.8a"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.9
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.9"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.9a
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.9a"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.10
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.10"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
5.0.11
Search vendor "Ibm" for product "Lotus Domino" and version "5.0.11"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.0
Search vendor "Ibm" for product "Lotus Domino" and version "6.0"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.0.1
Search vendor "Ibm" for product "Lotus Domino" and version "6.0.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.0.1.1
Search vendor "Ibm" for product "Lotus Domino" and version "6.0.1.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.0.1.2
Search vendor "Ibm" for product "Lotus Domino" and version "6.0.1.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.0.1.3
Search vendor "Ibm" for product "Lotus Domino" and version "6.0.1.3"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.0.2
Search vendor "Ibm" for product "Lotus Domino" and version "6.0.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.0.2.1
Search vendor "Ibm" for product "Lotus Domino" and version "6.0.2.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.0.2.2
Search vendor "Ibm" for product "Lotus Domino" and version "6.0.2.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.0.2_cf2
Search vendor "Ibm" for product "Lotus Domino" and version "6.0.2_cf2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.0.3
Search vendor "Ibm" for product "Lotus Domino" and version "6.0.3"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.0.4
Search vendor "Ibm" for product "Lotus Domino" and version "6.0.4"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.0.5
Search vendor "Ibm" for product "Lotus Domino" and version "6.0.5"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.5
Search vendor "Ibm" for product "Lotus Domino" and version "6.5"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.5.0
Search vendor "Ibm" for product "Lotus Domino" and version "6.5.0"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.5.1
Search vendor "Ibm" for product "Lotus Domino" and version "6.5.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.5.2
Search vendor "Ibm" for product "Lotus Domino" and version "6.5.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.5.2.1
Search vendor "Ibm" for product "Lotus Domino" and version "6.5.2.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.5.3
Search vendor "Ibm" for product "Lotus Domino" and version "6.5.3"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.5.3.1
Search vendor "Ibm" for product "Lotus Domino" and version "6.5.3.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.5.4
Search vendor "Ibm" for product "Lotus Domino" and version "6.5.4"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.5.4.1
Search vendor "Ibm" for product "Lotus Domino" and version "6.5.4.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.5.4.2
Search vendor "Ibm" for product "Lotus Domino" and version "6.5.4.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.5.4.3
Search vendor "Ibm" for product "Lotus Domino" and version "6.5.4.3"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.5.5
Search vendor "Ibm" for product "Lotus Domino" and version "6.5.5"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
6.5.6
Search vendor "Ibm" for product "Lotus Domino" and version "6.5.6"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
7.0
Search vendor "Ibm" for product "Lotus Domino" and version "7.0"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
7.0.1
Search vendor "Ibm" for product "Lotus Domino" and version "7.0.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
7.0.1.1
Search vendor "Ibm" for product "Lotus Domino" and version "7.0.1.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
7.0.2
Search vendor "Ibm" for product "Lotus Domino" and version "7.0.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
7.0.2.1
Search vendor "Ibm" for product "Lotus Domino" and version "7.0.2.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
7.0.2.2
Search vendor "Ibm" for product "Lotus Domino" and version "7.0.2.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
7.0.2.3
Search vendor "Ibm" for product "Lotus Domino" and version "7.0.2.3"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
7.0.3
Search vendor "Ibm" for product "Lotus Domino" and version "7.0.3"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
7.0.3.1
Search vendor "Ibm" for product "Lotus Domino" and version "7.0.3.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
7.0.4
Search vendor "Ibm" for product "Lotus Domino" and version "7.0.4"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
7.0.4.1
Search vendor "Ibm" for product "Lotus Domino" and version "7.0.4.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
7.0.4.2
Search vendor "Ibm" for product "Lotus Domino" and version "7.0.4.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0.1
Search vendor "Ibm" for product "Lotus Domino" and version "8.0.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0.2
Search vendor "Ibm" for product "Lotus Domino" and version "8.0.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0.2.1
Search vendor "Ibm" for product "Lotus Domino" and version "8.0.2.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0.2.2
Search vendor "Ibm" for product "Lotus Domino" and version "8.0.2.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0.2.3
Search vendor "Ibm" for product "Lotus Domino" and version "8.0.2.3"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0.2.4
Search vendor "Ibm" for product "Lotus Domino" and version "8.0.2.4"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0.2.5
Search vendor "Ibm" for product "Lotus Domino" and version "8.0.2.5"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.0.2.6
Search vendor "Ibm" for product "Lotus Domino" and version "8.0.2.6"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.5.1
Search vendor "Ibm" for product "Lotus Domino" and version "8.5.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.5.1.1
Search vendor "Ibm" for product "Lotus Domino" and version "8.5.1.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.5.1.2
Search vendor "Ibm" for product "Lotus Domino" and version "8.5.1.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.5.1.3
Search vendor "Ibm" for product "Lotus Domino" and version "8.5.1.3"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.5.1.4
Search vendor "Ibm" for product "Lotus Domino" and version "8.5.1.4"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.5.1.5
Search vendor "Ibm" for product "Lotus Domino" and version "8.5.1.5"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.5.2
Search vendor "Ibm" for product "Lotus Domino" and version "8.5.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Domino
Search vendor "Ibm" for product "Lotus Domino"
8.5.2.1
Search vendor "Ibm" for product "Lotus Domino" and version "8.5.2.1"
-
Affected