Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony prior to 3.0.1 might allow remote malicious users to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm lotus symphony |
||
ibm lotus symphony 3.0.0.2 |
||
ibm lotus symphony 3.0.0.1 |
||
ibm lotus symphony 1.3 |