Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0192

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-0192
Last Modified 26 Jan 2012 11:04:22
Published 23 Jan 2012 10:55:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0192

Summary

Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.

Vulnerable Systems

Application

  • Ibm Lotus Symphony 1.3

  • Ibm Lotus Symphony 3.0.0.1

  • Ibm Lotus Symphony 3.0.0.2

  • Ibm Lotus Symphony 3.0.0.3


References

XF - lotus-symphony-vclmi-bo(72424)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21578684

SECUNIA - 47245

BID - 51591

OSVDB - 78345


Last Updated: 27 May 2016 10:57:23