Published: 25/04/2008 Updated: 11/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote malicious users to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm lotus expeditor client 6.1.2
ibm lotus symphany
ibm lotus expeditor client 6.1.1

source: wwwsecurityfocuscom/bid/28926/info IBM Lotus Expeditor is prone to a command-execution vulnerability because it fails to properly sanitize input Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of users that follow malicious URIs We don't know which specific versions of IB ...

CWE-94 http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.html http://www.securityfocus.com/bid/28926 http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability http://www-1.ibm.com/support/docview.wss?uid=swg21303813 http://www.securitytracker.com/id?1019951 http://www.securitytracker.com/id?1019952 http://secunia.com/advisories/29958 http://www.vupen.com/english/advisories/2008/1394/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41990 http://www.securityfocus.com/archive/1/491343/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/31706/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-1965

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect