CVE-2007-5544

Description

IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

ibm / lotus_domino6.5.5
ibm / lotus_domino6.5.5 – 6.5.5
ibm / lotus_domino7.0.2 – 7.0.2
ibm / lotus_notes6.5.5

References

MISChttp://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt
MISChttp://www.securityfocus.com/bid/26146
VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/3598
MISChttp://www-1.ibm.com/support/docview.wss?uid=swg21257030
VENDOR_ADVISORYhttp://secunia.com/advisories/27321