Integer Overflow Flaw in IBM Lotus Symphony's vclmi.dll Component
CVE-2012-0192

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Symphony
Vendor: CVE Published:; 23 January 2012

Summary

IBM Lotus Symphony contains a security flaw in the vclmi.dll module that can lead to integer overflow issues. This vulnerability is exploitable when an attacker embeds a specially crafted JPEG or PNG image in a Symphony document. This can trigger a heap-based buffer overflow, enabling remote attackers to execute arbitrary code. Users of IBM Lotus Symphony versions prior to 3.0.1 are particularly at risk. It is crucial for users to apply recommended updates and employ security best practices to mitigate this threat.

References

http://www.securityfocus.com/bid/51591

vdb-entryx_refsource_BID

http://secunia.com/advisories/47245

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/78345

vdb-entryx_refsource_OSVDB

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 23, 2012
Vulnerability Reserved
Dec 14, 2011