CVE-2010-0919 : Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IB

Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.

Published 2010-03-03 19:30:01

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2010-0919

IBM » Domino Web Access » Version: 7.0
cpe:2.3:a:ibm:domino_web_access:7.0:*:*:*:*:*:*:*
Matching versions
IBM » Domino Web Access » Version: 6.5
cpe:2.3:a:ibm:domino_web_access:6.5:*:*:*:*:*:*:*
Matching versions
IBM » Domino Web Access » Version: 7.0.1
cpe:2.3:a:ibm:domino_web_access:7.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Domino Web Access » Version: 8.0.2
cpe:2.3:a:ibm:domino_web_access:8.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Domino Web Access » Version: 7.0.3
cpe:2.3:a:ibm:domino_web_access:7.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Domino Web Access » Version: 8.0
cpe:2.3:a:ibm:domino_web_access:8.0:*:*:*:*:*:*:*
Matching versions
IBM » Domino Web Access » Version: 7.0.2
cpe:2.3:a:ibm:domino_web_access:7.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Inotes
Versions up to, including, (<=) 229.271
cpe:2.3:a:ibm:lotus_inotes:*:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.021
cpe:2.3:a:ibm:lotus_inotes:229.021:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.011
cpe:2.3:a:ibm:lotus_inotes:229.011:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.041
cpe:2.3:a:ibm:lotus_inotes:229.041:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.031
cpe:2.3:a:ibm:lotus_inotes:229.031:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.101
cpe:2.3:a:ibm:lotus_inotes:229.101:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.061
cpe:2.3:a:ibm:lotus_inotes:229.061:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.051
cpe:2.3:a:ibm:lotus_inotes:229.051:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.191
cpe:2.3:a:ibm:lotus_inotes:229.191:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.181
cpe:2.3:a:ibm:lotus_inotes:229.181:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.211
cpe:2.3:a:ibm:lotus_inotes:229.211:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.201
cpe:2.3:a:ibm:lotus_inotes:229.201:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.131
cpe:2.3:a:ibm:lotus_inotes:229.131:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.111
cpe:2.3:a:ibm:lotus_inotes:229.111:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.171
cpe:2.3:a:ibm:lotus_inotes:229.171:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.161
cpe:2.3:a:ibm:lotus_inotes:229.161:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.221
cpe:2.3:a:ibm:lotus_inotes:229.221:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.151
cpe:2.3:a:ibm:lotus_inotes:229.151:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.141
cpe:2.3:a:ibm:lotus_inotes:229.141:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.241
cpe:2.3:a:ibm:lotus_inotes:229.241:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.261
cpe:2.3:a:ibm:lotus_inotes:229.261:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.251
cpe:2.3:a:ibm:lotus_inotes:229.251:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4
IBM » Lotus Inotes » Version: 229.231
cpe:2.3:a:ibm:lotus_inotes:229.231:*:*:*:*:*:*:*
Matching versions
When used together with: IBM » Lotus Domino » Version: 8.0.2.4

Exploit prediction scoring system (EPSS) score for CVE-2010-0919

EPSS FAQ

21.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2010-0919

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.6	HIGH	AV:N/AC:H/Au:N/C:C/I:C/A:C	4.9	10.0	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-0919

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0919

https://exchange.xforce.ibmcloud.com/vulnerabilities/56555

Lotus iNotes ActiveX control buffer overflow CVE-2010-0919 Vulnerability Report
http://secunia.com/advisories/38744

Sign in
Vendor Advisory
http://securitytracker.com/id?1023662

IBM Lotus iNotes Buffer Overflow in ActiveX Control Lets Remote Users Execute Arbitrary Code - SecurityTracker
http://www.vupen.com/english/advisories/2010/0496

Webmail | OVH- OVH
Patch;Vendor Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2010/0495

Webmail | OVH- OVH
Vendor Advisory
http://secunia.com/advisories/38681

Sign in
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21421808

IBM notice: The page you requested cannot be displayed
Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857
http://www-01.ibm.com/support/docview.wss?uid=swg27018109

Lotus iNotes Interim Fix 229.281 for Domino 8.0.2 Fix Pack 4
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/38459

IBM Domino Web Access Prior to 229.281 Unspecified Security Vulnerabilities

CVEs referencing this url
http://www.osvdb.org/62612

404 Not Found
http://www.securityfocus.com/bid/38457

Domino Web Access ActiveX Control URL Handling Buffer Overflow Vulnerability
http://secunia.com/advisories/38755

Sign in
Vendor Advisory

Jump to

Vulnerability Details : CVE-2010-0919

Products affected by CVE-2010-0919

Exploit prediction scoring system (EPSS) score for CVE-2010-0919

CVSS scores for CVE-2010-0919

CWE ids for CVE-2010-0919

References for CVE-2010-0919