Vulnerability Note VU#206361
Lotus iNotes vulnerable to buffer overflow via PresetFields FolderName field
Lotus iNotes contains a buffer overflow that could permit a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable server.
Lotus iNotes Web Access is a database application that provides "access to corporate messaging services and personal information through a Web browser." NGSSoftware has researched and reported a buffer overflow vulnerability in iNotes that can be triggered via a specially crafted FolderName value of the PresetFields parameter. For further information, see NGSSoftware Insight Security Research Advisory #NISR17022003b.
A remote attacker could execute arbitrary code with the privileges of the Domino server process or cause a denial of service.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Lotus Software||Affected||17 Jan 2003||17 Mar 2003|
CVSS Metrics (Learn More)
This vulnerability was reported by Mark Litchfield of NGSSoftware.
This document was written by Art Manion.
- CVE IDs: Unknown
- CERT Advisory: CA-2003-11
- Date Public: 17 Feb 2003
- Date First Published: 19 Feb 2003
- Date Last Updated: 26 Mar 2003
- Severity Metric: 18.51
- Document Revision: 25
If you have feedback, comments, or additional information about this vulnerability, please send us email.