Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiIntevydis http://intevydis.comZDI-11-052
HistoryFeb 07, 2011 - 12:00 a.m.

(0Day) Lotus Domino Server diiop Client Request Operation Remote Code Execution Vulnerability

2011-02-0700:00:00
Intevydis http://intevydis.com
www.zerodayinitiative.com
15

EPSS

0.167

Percentile

96.1%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the ndiiop.exe component which listens by default on a dynamic TCP port. When handling a GIOP client Request packet type the process can be made to mis-allocate a buffer size due to a signed-ness bug. Later, the process blindly copies user supplied data into this under allocated heap buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

Related

nvd 1
cve 1
prion 1
cvelist 1
kaspersky 1
openvas 1
nessus 1
nvd
nvd
CVE-2011-0914
2011-02-08 22:00:02
cve
cve
CVE-2011-0914
2011-02-08 22:00:02
prion
prion
Integer overflow
2011-02-08 22:00:00
cvelist
cvelist
CVE-2011-0914
2011-02-08 21:00:00
kaspersky
kaspersky
KLA10199 ACE vulnerability in IBM Lotus Domino
2011-02-08 00:00:00
openvas
openvas
IBM Lotus Domino Multiple Remote Buffer Overflow Vulnerabilities
2011-05-09 00:00:00
nessus
nessus
IBM Lotus Domino 8.5.x < 8.5.3 Multiple Vulnerabilities
2013-04-26 00:00:00

EPSS

0.167

Percentile

96.1%

JSON
Related for ZDI-11-052
nvd1cve1prion1cvelist1kaspersky1openvas1nessus1