CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
98.5%
Added: 11/02/2007
CVE: CVE-2007-3510
BID: 26176
OSVDB: 40953
IBM Lotus Domino is a messaging and collaboration solution for multiple platforms.
A buffer overflow vulnerability in Lotus Domino could allow a remote, authenticated attacker to execute arbitrary commands by sending a command containing a long mailbox name to the IMAP service.
Upgrade to Lotus Domino 6.5.6 Fix Pack 2, 7.0.3, or 8.0 or higher.
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=605>
[http://www-1.ibm.com/support/docview.wss?rs=477&uid=swg21270623 ](<http://www-1.ibm.com/support/docview.wss?rs=477&uid=swg21270623
>)
Exploit works on Lotus Domino 7.0.2 and 7.0.2 Fix Pack 1, and requires valid IMAP authentication credentials.
Windows 2000
Windows Server 2003