Code Execution Vulnerability in IBM Lotus Notes Sametime ActiveX Control
CVE-2007-1784

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Sametime
Vendor: CVE Published:; 31 March 2007

Summary

The JNILoader ActiveX control (STJNILoader.ocx) version 3.1.0.26 within IBM Lotus Notes Sametime before version 7.5 is prone to a vulnerability that allows remote attackers to execute arbitrary code. By supplying crafted arguments to the loadLibrary function, an attacker could load arbitrary Dynamic Link Library (DLL) files, potentially compromising the system's integrity and security.

References

http://www.securityfocus.com/bid/23201

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/33314

vdb-entryx_refsource_XF

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

Timeline

Vulnerability published
Mar 31, 2007
Vulnerability Reserved
Mar 30, 2007