VulDB: IBM Lotus Notes up to 8.5.3 buffer overflow [CVE-2012-2174]
General

scipID: 5573
Affected: IBM Lotus Notes up to 8.5.3
Published: 06/18/2012
Risk: critical
Entry: 83.6% complete
Created: 06/22/2012
Updated: 09/03/2012
Summary
A vulnerability was found in IBM Lotus Notes up to 8.5.3 and classified as critical. This issue affects an unknown function. Manipulation with an unknown input leads to a buffer overflow. Confidentiality, integrity, and availability are impacted.
The weakness was presented on 06/18/2012 as bulletin swg21598348 (IBM Knowledge Base). The advisory is shared for download at www-304.ibm.com. The vulnerability has been identified as CVE-2012-2174 since 04/04/2012. The attack may be initiated remotely. No form of authentication is needed for successful exploitation. Neither technical details nor an exploit are publicly available.
Patching the affected component is suggested as the best possible mitigation. A possible mitigation was published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (83063) and Secunia (SA49601).
CVSS
Base Score: 9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Network | Medium | None | Complete | Complete | Complete |
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: No
Countermeasures
Recommended: Patch
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Timeline
04/04/2012 | CVE assigned
06/18/2012 | Advisory disclosed
06/18/2012 | Countermeasure disclosed
06/20/2012 | OSVDB entry created
06/22/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: swg21598348
OSVDB: 83063
CVE: CVE-2012-2174 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49601



















