CVE-2008-1965

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Expeditor Client; Lotus Symphany
Vendor: CVE Published:; 25 April 2008

Summary

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.

References

http://www.securityfocus.com/bid/28926

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1019952

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2008/1394/references

vdb-entryx_refsource_VUPEN

EPSS Score

87% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 25, 2008
Vulnerability Reserved
Apr 25, 2008