Argument Injection Vulnerability in IBM Lotus Expeditor Client for Desktop
CVE-2008-1965

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Expeditor Client; Lotus Symphany
Vendor: CVE Published:; 25 April 2008

Summary

An argument injection flaw exists in the cai: URI handler within the rcplauncher of IBM Lotus Expeditor Client for Desktop. This vulnerability allows remote attackers to execute arbitrary code through specially crafted cai: URI requests that inject malicious -launcher options, potentially leading to significant security risks. The affected versions are 6.1.1 and 6.1.2, commonly utilized in Lotus Symphony and possibly other IBM products.

References

http://www.securityfocus.com/bid/28926

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1019952

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2008/1394/references

vdb-entryx_refsource_VUPEN

EPSS Score

50% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 25, 2008
Vulnerability Reserved
Apr 25, 2008