Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0912

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-0912
Last Modified 26 Jan 2012 10:58:24
Published 08 Feb 2011 05:00:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-0912

Summary

Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.

Vulnerable Systems

Application

  • Ibm Lotus Notes 8.0

  • Ibm Lotus Notes 8.0.1

  • Ibm Lotus Notes 8.0.2

  • Ibm Lotus Notes 8.0.2.0

  • Ibm Lotus Notes 8.0.2.1

  • Ibm Lotus Notes 8.0.2.2

  • Ibm Lotus Notes 8.0.2.3

  • Ibm Lotus Notes 8.0.2.4

  • Ibm Lotus Notes 8.0.2.5

  • Ibm Lotus Notes 8.5.0.0

  • Ibm Lotus Notes 8.5.0.1

  • Ibm Lotus Notes 8.5.1.0

  • Ibm Lotus Notes 8.5.1.1

  • Ibm Lotus Notes 8.5.1.2

  • Ibm Lotus Notes 8.5.1.3

  • Ibm Lotus Notes 8.5.1.4


References

MISC - http://zerodayinitiative.com/advisories/ZDI-11-051/

VUPEN - ADV-2011-0295

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21461514

SECUNIA - 43222


Last Updated: 27 May 2016 10:56:06