CVE-2007-6706: Code Injection
First published: Sun Mar 09 2008(Updated: )
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Lotus Notes | <=7.0.2 | |
| IBM Lotus Notes | =6.5 | |
| IBM Lotus Notes | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-6706?
CVE-2007-6706 is considered to be a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2007-6706?
To fix CVE-2007-6706, upgrade IBM Lotus Notes to version 7.0.3 or later.
What versions of IBM Lotus Notes are affected by CVE-2007-6706?
CVE-2007-6706 affects IBM Lotus Notes versions 6.5, 7.0.x before 7.0.2 CCH, and 7.0.3, as well as possibly 8.0.
Can CVE-2007-6706 be exploited through email?
Yes, CVE-2007-6706 can be exploited by sending specially crafted emails via SMTP.
What are the potential consequences of CVE-2007-6706?
The potential consequences of exploiting CVE-2007-6706 include unauthorized remote code execution on the affected system.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/ibm
- canonical/ibm lotus notes
- version/ibm lotus notes/7.0.2
- version/ibm lotus notes/6.5
- version/ibm lotus notes/8.0