This script is Copyright (C) 2016 Tenable Network Security, Inc.
A business collaboration application running on the remote host is
affected by multiple vulnerabilities.
According to its banner, the version of IBM Domino (formerly IBM
Lotus Domino) running on the remote host is 9.0.x prior to 9.0.1 Fix
Pack 6 (FP6). It is, therefore, affected by the following:

  - Multiple heap-based buffer overflow conditions exist in
    the KeyView PDF filter when parsing a PDF document due
    to improper validation of user-supplied input. An
    unauthenticated, remote attacker can exploit these, by
    convincing a user to open a specially crafted PDF
    document, to cause a denial of service condition or the
    execution of arbitrary code. (CVE-2016-0277,
    CVE-2016-0278, CVE-2016-0279, CVE-2016-0301)

  - A security restriction bypass vulnerability exists in
    the remote console due to an error that occurs when an
    unspecified unsupported configuration is used involving
    UNC share path names. An unauthenticated, remote
    attacker can exploit this to bypass authentication and
    possibly execute arbitrary code with SYSTEM privileges.

See also :
Upgrade to IBM Domino version 9.0.1 FP6 or later.
Risk factor :
High / CVSS Base Score : 7.6
CVSS Temporal Score : 6.6
Public Exploit Available : false