CyberSec.Space Logo
Back to CVE Browser

CVE-2012-0192

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile22.36th
PublishedJan 23, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.

Affected Platforms (CPE)

πŸ“¦
Ibm

Lotus Symphony

<= 3.0.0.3
πŸ“¦
Ibm

Lotus Symphony

= 1.3
πŸ“¦
Ibm

Lotus Symphony

= 3.0.0.1
πŸ“¦
Ibm

Lotus Symphony

= 3.0.0.2

References & Advisories

πŸ”— http://osvdb.org/78345
πŸ”— http://secunia.com/advisories/47245
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21578684
πŸ”— http://www.securityfocus.com/bid/51591
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/72424
πŸ”— http://osvdb.org/78345
πŸ”— http://secunia.com/advisories/47245
πŸ”— http://www-01.ibm.com/support/docview.wss?uid=swg21578684

Related Vulnerabilities

CVE-2011-288410.0

Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critic...

CVE-2008-19659.3

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2,...

CVE-2010-52046.9

Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1.3.0 20090908.0900 allow local users to gain privileges via ...

CVE-2011-28854.3

IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc docum...