Vulnerability CVE-2008-1965
Published: 2008-04-25   Modified: 2012-02-12

Description:
Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.

Type:

CWE-94

 (Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
IBM -> Lotus expeditor client 
IBM -> Lotus symphany 

 References:
http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.html
http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability
http://www-1.ibm.com/support/docview.wss?uid=swg21303813
http://www.securityfocus.com/archive/1/491343/100/0/threaded
http://www.securityfocus.com/bid/28926
http://www.securitytracker.com/id?1019951
http://www.securitytracker.com/id?1019952
http://www.vupen.com/english/advisories/2008/1394/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41990
Copyright 2024, cxsecurity.com

 

Back to Top