CVE-2013-3026
IBM Quickr for Domino ActiveX Integer Overflow Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Buffer overflow in the Lotus Quickr for Domino ActiveX control in qp2.cab in IBM Lotus Quickr 8.1 before FP 8.1.0.32-001a, 8.2 before FP 8.2.0.28-001a, and 8.5.1 before FP 8.5.1.39-002a for Domino allows remote attackers to execute arbitrary code via a crafted web site.
Desbordamiento de búfer en el control ActiveX Lotus Quickr para Domino en qp2.cab IBM Lotus Quickr 8.1 anterior a FP 8.1.0.32-001a, 8.2 anterior a FP 8.2.0.28-001a, y 8.5.1 anterior a FP 8.5.1.39-002a para Domino, permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Quickr for Domino. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of user provided input in an ActiveX control. An integer overflow exists which leads to a heap buffer overflow. An attacker could use this vulnerability to execute arbitrary code in the context of the user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-04-12 CVE Reserved
- 2013-06-17 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/84381 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21639643 | 2017-08-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ibm Search vendor "Ibm" | Lotus Quickr For Domino Search vendor "Ibm" for product "Lotus Quickr For Domino" | 8.1.0 Search vendor "Ibm" for product "Lotus Quickr For Domino" and version "8.1.0" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Quickr For Domino Search vendor "Ibm" for product "Lotus Quickr For Domino" | 8.2.0 Search vendor "Ibm" for product "Lotus Quickr For Domino" and version "8.2.0" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Quickr For Domino Search vendor "Ibm" for product "Lotus Quickr For Domino" | 8.5.1 Search vendor "Ibm" for product "Lotus Quickr For Domino" and version "8.5.1" | - |
Affected
|