Remote Code Execution Vulnerability in IBM Domino
CVE-2015-0135

Currently unrated

Key Information:

Vendor: IBM
Status: Domino
Vendor: CVE Published:; 21 April 2015

Summary

IBM Domino versions 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 are susceptible to a serious vulnerability that enables remote attackers to execute arbitrary code or induce a denial of service. This issue arises from integer truncation errors, which can be exploited by sending specially crafted GIF images that trigger application crashes. Proper updates and patches are essential to mitigate this security risk.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21701647

x_refsource_CONFIRM

http://www.securitytracker.com/id/1032151

vdb-entryx_refsource_SECTRACK

EPSS Score

35% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 21, 2015
Vulnerability Reserved
Nov 18, 2014