CVEブラウザに戻る

CVE-2008-1965

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.1550%

EPSS Percentile30.60th

Published2008年4月25日

Last Modified2026年4月23日

Vulnerability Description

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.

Affected Platforms (CPE)

📦

Ibm

Lotus Expeditor Client

= 6.1.1

📦

Ibm

Lotus Expeditor Client

= 6.1.2

📦

Ibm

Lotus Symphany

All versions

References & Advisories

🔗 http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.html

🔗 http://secunia.com/advisories/29958

🔗 http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability

🔗 http://www-1.ibm.com/support/docview.wss?uid=swg21303813

🔗 http://www.securityfocus.com/archive/1/491343/100/0/threaded

🔗 http://www.securityfocus.com/bid/28926

🔗 http://www.securitytracker.com/id?1019951

🔗 http://www.securitytracker.com/id?1019952

関連する脆弱性情報

CVE-2008-652010.0

Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote att...

CVE-2008-456310.0

Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storag...

CVE-2008-651910.0

Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause...

CVE-2008-653610.0

Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME...