Summary
The host is running IBM Lotus Domino Server and is prone to cross site scripting and buffer overflow vulnerabilities.
Impact
Successful exploitation may allow remote attackers to execute arbitrary code with system-level privileges or steal cookie-based authentication credentials and launch other attacks.
Impact Level: System/Application
Solution
Upgrade to IBM Lotus Domino Versions 8.5.2 FP2, 8.5.3 or later.
For updates refer to http://www-01.ibm.com/software/lotus/products/domino/
Insight
- Input passed via the 'PanelIcon' parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
- Stack-based buffer overflow error in the NSFComputeEvaluateExt function in Nnotes.dll allows remote authenticated users to execute arbitrary code via a long 'tHPRAgentName' parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf.
Affected
IBM Lotus Domino Versions 8.5.2 and prior.
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2011-3575, CVE-2011-3576 -
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities - November12 (Windows)