CVE-2004-0480

Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe.
References
Link Resource
http://marc.info/?l=bugtraq&m=108843896506099&w=2 Third Party Advisory
http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510 Broken Link Patch Vendor Advisory
http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities Broken Link Exploit Patch Vendor Advisory
http://www.securityfocus.com/bid/10600 Broken Link Patch Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16496 Third Party Advisory VDB Entry
http://marc.info/?l=bugtraq&m=108843896506099&w=2 Third Party Advisory
http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510 Broken Link Patch Vendor Advisory
http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities Broken Link Exploit Patch Vendor Advisory
http://www.securityfocus.com/bid/10600 Broken Link Patch Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16496 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*

History

20 Nov 2024, 23:48

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=108843896506099&w=2 - Third Party Advisory () http://marc.info/?l=bugtraq&m=108843896506099&w=2 - Third Party Advisory
References () http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510 - Broken Link, Patch, Vendor Advisory () http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510 - Broken Link, Patch, Vendor Advisory
References () http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities - Broken Link, Exploit, Patch, Vendor Advisory () http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities - Broken Link, Exploit, Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/10600 - Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory () http://www.securityfocus.com/bid/10600 - Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/16496 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/16496 - Third Party Advisory, VDB Entry

13 Feb 2024, 17:52

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-88
CPE cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=108843896506099&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=108843896506099&w=2 - Third Party Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/16496 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/16496 - Third Party Advisory, VDB Entry
References (MISC) http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities - Exploit, Patch, Vendor Advisory (MISC) http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities - Broken Link, Exploit, Patch, Vendor Advisory
References (CONFIRM) http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510 - Patch, Vendor Advisory (CONFIRM) http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510 - Broken Link, Patch, Vendor Advisory
References (BID) http://www.securityfocus.com/bid/10600 - Patch, Vendor Advisory (BID) http://www.securityfocus.com/bid/10600 - Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory

Information

Published : 2004-12-06 05:00

Updated : 2024-11-20 23:48


NVD link : CVE-2004-0480

Mitre link : CVE-2004-0480

CVE.ORG link : CVE-2004-0480


JSON object : View

Products Affected

ibm

  • lotus_notes
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')