Vulnerability CVE-2012-0192


Published: 2012-01-23   Modified: 2012-02-13

Description:
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.

Type: CWE-189 (Numeric Errors)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
IBM -> Lotus Symphony

References:
http://xforce.iss.net/xforce/xfdb/72424
http://www.securityfocus.com/bid/51591
http://www-01.ibm.com/support/docview.wss?uid=swg21578684
http://secunia.com/advisories/47245
http://osvdb.org/78345

Copyright 2024, cxsecurity.com

 
