CyberSec.Space Logo
Back to CVE Browser

CVE-2008-1965

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1550%
EPSS Percentile30.60th
PublishedApr 25, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.

Affected Platforms (CPE)

πŸ“¦
Ibm

Lotus Expeditor Client

= 6.1.1
πŸ“¦
Ibm

Lotus Expeditor Client

= 6.1.2
πŸ“¦
Ibm

Lotus Symphany

All versions

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.html
πŸ”— http://secunia.com/advisories/29958
πŸ”— http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability
πŸ”— http://www-1.ibm.com/support/docview.wss?uid=swg21303813
πŸ”— http://www.securityfocus.com/archive/1/491343/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/28926
πŸ”— http://www.securitytracker.com/id?1019951
πŸ”— http://www.securitytracker.com/id?1019952

Related Vulnerabilities

CVE-2008-535510.0

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 1...

CVE-2008-461510.0

Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...

CVE-2008-034310.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has u...