CVE-2015-0135
IBM Lotus Domino GIF Integer Truncation Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9.
IBM Domino 8.5 anterior a 8.5.3 FP6 IF4 y 9.0 anterior a 9.0.1 FP3 IF2 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (truncación de enteros y caída de aplicación) a través de una imagen GIF manipulada, también conocido como SPR KLYH9T7NT9.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability.
The flaw exists within the nrouter.exe component which handles e-mails dispatched from nsmtp.exe listening on port 25. By specifying malicious dimensions within a GIF, an integer truncation can occur potentially resulting in an undersized buffer being allocated. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-11-18 CVE Reserved
- 2015-04-15 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1032151 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21701647 | 2019-10-16 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Domino Search vendor "Ibm" for product "Domino" | 8.5.0 Search vendor "Ibm" for product "Domino" and version "8.5.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Domino Search vendor "Ibm" for product "Domino" | 8.5.1 Search vendor "Ibm" for product "Domino" and version "8.5.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Domino Search vendor "Ibm" for product "Domino" | 8.5.2 Search vendor "Ibm" for product "Domino" and version "8.5.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Domino Search vendor "Ibm" for product "Domino" | 9.0.1 Search vendor "Ibm" for product "Domino" and version "9.0.1" | - |
Affected
| ||||||