Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.3
CVE Id: CVE-2008-1965
Last Modified: 07 Mar 2011 10:08:19
Published: 25 Apr 2008 03:05:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-1965

Summary

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.

Vulnerable Systems

Application

  • IBM Lotus Expeditor Client 6.1.1

  • IBM Lotus Expeditor Client 6.1.2

  • IBM Lotus Symphony


References

XF - ibm-lotussymphony-rcplauncher-code-execution(41990)

VUPEN - ADV-2008-1394

SECTRACK - 1019952

SECTRACK - 1019951

BID - 28926

BUGTRAQ - 20080425 Lotus expeditor rcplauncher uri handler vulnerability

CONFIRM - http://www-1.ibm.com/support/docview.wss?uid=swg21303813

MISC - http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability

SECUNIA - 29958

FULLDISC - 20080424 Lotus expeditor rcplauncher uri handler vulnerability


Last Updated: 27 May 2016 10:47:42