CVE-2011-3575

EUVD-2011-3538
Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
ibmlotus_domino
8.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.research.reversingcode.com/exploits/IBMLotusDomino_StackOverflowPoC
http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211
http://www.securityfocus.com/bid/49705
https://exchange.xforce.ibmcloud.com/vulnerabilities/69802
http://www.research.reversingcode.com/exploits/IBMLotusDomino_StackOverflowPoC
http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211
http://www.securityfocus.com/bid/49705
https://exchange.xforce.ibmcloud.com/vulnerabilities/69802