CVE-2004-0480

Published: Dec 6, 2004Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe.

Affected (2)

Products: Ibm: Lotus Notes

Ibm

1 product

Lotus Notes

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Lotus Notes	Version 6.0.3
Ibm Lotus Notes	Version 6.5

Related CWEs

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

References (10)

http://marc.info/?l=bugtraq&m=108843896506099&w=2

Source: cve@mitre.org

Third Party Advisory

http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510

Source: cve@mitre.org

Broken LinkPatchVendor Advisory

http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities

Source: cve@mitre.org

Broken LinkExploitPatchVendor Advisory

http://www.securityfocus.com/bid/10600

Source: cve@mitre.org

Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/16496

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://marc.info/?l=bugtraq&m=108843896506099&w=2