FKIE_CVE-2016-0279

Vulnerability from fkie_nvd - Published: 2016-06-26 14:59 - Updated: 2025-04-12 10:46
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21983292Vendor Advisory
psirt@us.ibm.comhttp://www.securitytracker.com/id/1036091
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21983292Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036091
Impacted products
Vendor Product Version
ibm domino 8.5.2
ibm domino 8.5.2.1
ibm domino 8.5.2.2
ibm domino 8.5.2.3
ibm domino 8.5.0
ibm domino 8.5.3
ibm domino 8.5.3.1
ibm domino 8.5.3.2
ibm domino 8.5.3.3
ibm domino 8.5.3.4
ibm domino 8.5.3.5
ibm domino 8.5.1
ibm domino 8.5.1.1
ibm domino 8.5.1.2
ibm domino 8.5.1.3
ibm domino 8.5.1.4
ibm domino 9.0.1
ibm domino 9.0.1.1
ibm domino 9.0.1.2
ibm domino 9.0.1.3
ibm domino 9.0.1.4
ibm domino 9.0.1.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AF2E5-2756-4111-90B0-08039B9D07C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83A143B4-D4D5-498E-B50F-4CCF7EF6538B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB85F5F-867C-403C-9671-6DEFF66FCBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABFDECA7-0DBE-41C7-A589-D342E0628BAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE3A838-8EB0-4D62-95CD-B882D61AA3C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D1CE3-A23C-4E7F-AD60-0B14BFD993A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B275FDF-B31D-4761-9CA5-4FFF2F439964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE36CC5-3991-4579-8B61-D97B09337F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "931135FE-DA7D-4466-B830-CC07A9F0BCDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D932FB-331E-4FB7-AF70-263B8D504654",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B9E1334-7CE9-406A-8CE5-FF48823A25B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7A97DE-36BC-4DFC-9F44-EF2C155703B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C05B1F1-EDFC-46AC-B701-13652ABA7065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D246A5C6-E12D-4B5D-8319-0A9F52899173",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el filtro KeyView PDF en IBM Domino 8.5.x en versiones anteriores a 8.5.3 FP6 IF13 y 9.x en versiones anteriores a 9.0.1 FP6 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento PDF manipulado, una vulnerabilidad diferente a CVE-2016-0277, CVE-2016-0278 y CVE-2016-0301."
    }
  ],
  "id": "CVE-2016-0279",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-26T14:59:04.437",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1036091"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036091"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.