CVE-2013-6748
high
CVSS v3: —
CVSS v2: 7.5
VIR risk: 7.5
Description
Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different vulnerability than CVE-2013-6749.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21662653
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | lotus_quickr_for_domino | 8.5.1 | |
References
- http://osvdb.org/102597
- http://secunia.com/advisories/56696
- http://www.ibm.com/support/docview.wss?uid=swg21662653
- http://www.securityfocus.com/bid/65191
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89864
CWEs
CWE-119