Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:48
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=108843896506099&w=2 - Third Party Advisory | |
References | () http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510 - Broken Link, Patch, Vendor Advisory | |
References | () http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities - Broken Link, Exploit, Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/10600 - Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/16496 - Third Party Advisory, VDB Entry |
13 Feb 2024, 17:52
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-88 | |
CPE | cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:* |
|
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=108843896506099&w=2 - Third Party Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/16496 - Third Party Advisory, VDB Entry | |
References | (MISC) http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities - Broken Link, Exploit, Patch, Vendor Advisory | |
References | (CONFIRM) http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510 - Broken Link, Patch, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/10600 - Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory |
Information
Published : 2004-12-06 05:00
Updated : 2024-11-20 23:48
NVD link : CVE-2004-0480
Mitre link : CVE-2004-0480
CVE.ORG link : CVE-2004-0480
JSON object : View
Products Affected
ibm
- lotus_notes
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')