CVE-2008-1965

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:lotus_expeditor_client:6.1.1:*:desktop:*:*:*:*:*
cpe:2.3:a:ibm:lotus_expeditor_client:6.1.2:*:desktop:*:*:*:*:*
cpe:2.3:a:ibm:lotus_symphany:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:45

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.html - Exploit () http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.html - Exploit
References () http://secunia.com/advisories/29958 - () http://secunia.com/advisories/29958 -
References () http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability - () http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability -
References () http://www-1.ibm.com/support/docview.wss?uid=swg21303813 - () http://www-1.ibm.com/support/docview.wss?uid=swg21303813 -
References () http://www.securityfocus.com/archive/1/491343/100/0/threaded - () http://www.securityfocus.com/archive/1/491343/100/0/threaded -
References () http://www.securityfocus.com/bid/28926 - Exploit () http://www.securityfocus.com/bid/28926 - Exploit
References () http://www.securitytracker.com/id?1019951 - () http://www.securitytracker.com/id?1019951 -
References () http://www.securitytracker.com/id?1019952 - () http://www.securitytracker.com/id?1019952 -
References () http://www.vupen.com/english/advisories/2008/1394/references - () http://www.vupen.com/english/advisories/2008/1394/references -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/41990 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/41990 -

Information

Published : 2008-04-25 19:05

Updated : 2024-11-21 00:45


NVD link : CVE-2008-1965

Mitre link : CVE-2008-1965

CVE.ORG link : CVE-2008-1965


JSON object : View

Products Affected

ibm

  • lotus_expeditor_client
  • lotus_symphany
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')