Argument Injection Vulnerability in IBM Installation Manager Affecting IBM Rational Products
CVE-2009-3518
Currently unrated
Summary
The iim: URI handler in IBM Installation Manager is vulnerable to argument injection: a remote attacker can supply the -vm option through an iim: URI and make it reference a UNC share pathname, causing Installation Manager to load an arbitrary DLL file from that share. This poses a significant risk to IBM Rational products that use Installation Manager, such as Rational Robot and Rational Team Concert. Attackers can use this weakness to execute malicious software, potentially leading to unauthorized actions on affected systems.
EPSS Score
7% chance of being exploited in the next 30 days.