CVE-2012-0192

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Symphony
Vendor: CVE Published:; 23 January 2012

Summary

Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.

References

http://www.securityfocus.com/bid/51591

vdb-entryx_refsource_BID

http://secunia.com/advisories/47245

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/78345

vdb-entryx_refsource_OSVDB

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 23, 2012
Vulnerability Reserved
Dec 14, 2011