CVE-2009-3518

Currently unrated

Key Information:

Vendor: IBM
Status: Installation Manager
Vendor: CVE Published:; 1 October 2009

Summary

Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname.

References

http://www.vupen.com/english/advisories/2009/2792

vdb-entryx_refsource_VUPEN

http://retrogod.altervista.org/9sg_ibm_uri.html

x_refsource_MISC

http://secunia.com/advisories/36906

third-party-advisoryx_refsource_SECUNIA

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 1, 2009