CyberSec.Space Logo
返回 CVE 浏览器

CVE-2012-0192

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile22.36th
Published2012年1月23日
Last Modified2026年4月29日

Vulnerability Description

Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.

Affected Platforms (CPE)

📦
Ibm

Lotus Symphony

<= 3.0.0.3
📦
Ibm

Lotus Symphony

= 1.3
📦
Ibm

Lotus Symphony

= 3.0.0.1
📦
Ibm

Lotus Symphony

= 3.0.0.2

References & Advisories

🔗 http://osvdb.org/78345
🔗 http://secunia.com/advisories/47245
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21578684
🔗 http://www.securityfocus.com/bid/51591
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/72424
🔗 http://osvdb.org/78345
🔗 http://secunia.com/advisories/47245
🔗 http://www-01.ibm.com/support/docview.wss?uid=swg21578684

相关漏洞威胁

CVE-2011-288410.0

Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critic...

CVE-2008-19659.3

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2,...

CVE-2010-52046.9

Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1.3.0 20090908.0900 allow local users to gain privileges via ...

CVE-2011-28854.3

IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc docum...