Skip to main content

Domino CVE-2015-1902

CRITICAL
Buffer Overflow (CWE-119)
2015-05-20 psirt@us.ibm.com
10.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
May 20, 2015 - 10:59 cve.org
CRITICAL 10.0

DescriptionCVE.org

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA.

AnalysisAI

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 34.0%.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA. Affected products include: Ibm Domino. Version information: before 8.5.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

More in Domino

View all
CVE-2015-1903 CRITICAL
10.0 May 20

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers

CVE-2015-0135 CRITICAL
10.0 Apr 21

IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or ca

CVE-2017-1274 HIGH POC
8.8 Apr 25

IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated

CVE-2015-0134 CRITICAL
10.0 Apr 06

Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before

CVE-2015-0117 CRITICAL
10.0 Apr 06

The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute

CVE-2020-14273 HIGH POC
7.5 Dec 28

HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its publ

CVE-2015-0179 HIGH POC
7.2 Apr 06

Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users t

CVE-2016-6087 CRITICAL
9.8 Jun 07

IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data us

CVE-2020-14244 CRITICAL
9.8 Dec 14

A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by

CVE-2020-14260 CRITICAL
9.8 Dec 02

HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. Rated crit

CVE-2022-38660 HIGH
8.8 Nov 04

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. Rated high severity (CVSS

CVE-2016-0304 HIGH
8.1 Jun 29

The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configur

Share

CVE-2015-1902 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy