vendor:
Lotus Domino
by:
Dominic Chell & prdelka
7.5
CVSS
HIGH
Remote Exploit
Unknown
CWE
Product Name: Lotus Domino
Affected Version From: 6.5.2004
Affected Version To: 7.0.2 && 6.5.5 FP2
Patch Exists: NO
Related CWE: Unknown
CPE: cpe: /a:ibm:lotus_domino
Platforms Tested: Windows 2000 Advanced Server x86
Unknown
Lotus Domino IMAP4 Server Release 6.5.4 / Windows 2000 Advanced Server x86 Remote Exploit
The exploit takes advantage of a vulnerability in IBM Lotus Domino versions 7.0.2 and 6.5.5 FP2. It allows an attacker to execute arbitrary code on the server by manipulating the ECX register and using a buffer overflow.
Mitigation:
Upgrade to a non-vulnerable version of IBM Lotus Domino.