Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2011-0915
Last Modified: 20 Apr 2011 10:33:11
Published: 08 Feb 2011 05:00:02
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-0915

Summary

Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes calendar (aka iCalendar or iCal) meeting request, aka SPR KLYH87LL23.

Vulnerable Systems

Application

  • IBM Lotus Domino 4.6.1
  • IBM Lotus Domino 4.6.3
  • IBM Lotus Domino 4.6.4
  • IBM Lotus Domino 5.0
  • IBM Lotus Domino 5.0.1
  • IBM Lotus Domino 5.0.10
  • IBM Lotus Domino 5.0.11
  • IBM Lotus Domino 5.0.2
  • IBM Lotus Domino 5.0.3
  • IBM Lotus Domino 5.0.4
  • IBM Lotus Domino 5.0.4a
  • IBM Lotus Domino 5.0.5
  • IBM Lotus Domino 5.0.6
  • IBM Lotus Domino 5.0.6a
  • IBM Lotus Domino 5.0.7
  • IBM Lotus Domino 5.0.7a
  • IBM Lotus Domino 5.0.8
  • IBM Lotus Domino 5.0.8a
  • IBM Lotus Domino 5.0.9
  • IBM Lotus Domino 5.0.9a
  • IBM Lotus Domino 6.0
  • IBM Lotus Domino 6.0.1
  • IBM Lotus Domino 6.0.1.1
  • IBM Lotus Domino 6.0.1.2
  • IBM Lotus Domino 6.0.1.3
  • IBM Lotus Domino 6.0.2
  • IBM Lotus Domino 6.0.2 CF2
  • IBM Lotus Domino 6.0.2.1
  • IBM Lotus Domino 6.0.2.2
  • IBM Lotus Domino 6.0.3
  • IBM Lotus Domino 6.0.4
  • IBM Lotus Domino 6.0.5
  • IBM Lotus Domino 6.5
  • IBM Lotus Domino 6.5.0
  • IBM Lotus Domino 6.5.1
  • IBM Lotus Domino 6.5.2
  • IBM Lotus Domino 6.5.2.1
  • IBM Lotus Domino 6.5.3
  • IBM Lotus Domino 6.5.3.1
  • IBM Lotus Domino 6.5.4
  • IBM Lotus Domino 6.5.4.1
  • IBM Lotus Domino 6.5.4.2
  • IBM Lotus Domino 6.5.4.3
  • IBM Lotus Domino 6.5.5
  • IBM Lotus Domino 6.5.6
  • IBM Lotus Domino 7.0
  • IBM Lotus Domino 7.0.1
  • IBM Lotus Domino 7.0.1.1
  • IBM Lotus Domino 7.0.2
  • IBM Lotus Domino 7.0.2.1
  • IBM Lotus Domino 7.0.2.2
  • IBM Lotus Domino 7.0.2.3
  • IBM Lotus Domino 7.0.3
  • IBM Lotus Domino 7.0.3.1
  • IBM Lotus Domino 7.0.4
  • IBM Lotus Domino 7.0.4.1
  • IBM Lotus Domino 7.0.4.2
  • IBM Lotus Domino 8.0.1
  • IBM Lotus Domino 8.0.2
  • IBM Lotus Domino 8.0.2.1
  • IBM Lotus Domino 8.0.2.2
  • IBM Lotus Domino 8.0.2.3
  • IBM Lotus Domino 8.0.2.4
  • IBM Lotus Domino 8.0.2.5
  • IBM Lotus Domino 8.0.2.6
  • IBM Lotus Domino 8.5.1
  • IBM Lotus Domino 8.5.1.1
  • IBM Lotus Domino 8.5.1.2
  • IBM Lotus Domino 8.5.1.3
  • IBM Lotus Domino 8.5.1.4
  • IBM Lotus Domino 8.5.1.5
  • IBM Lotus Domino 8.5.2
  • IBM Lotus Domino 8.5.2.1
  • IBM Lotus Domino 8.5.2.2


References

MISC - http://zerodayinitiative.com/advisories/ZDI-11-048/

BUGTRAQ - 20110207 ZDI-11-048: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21461514

SECUNIA - 43208


Last Updated: 27 May 2016 10:56:06