返回 CVE 瀏覽器

CVE-2008-1965

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.1550%

EPSS Percentile30.60th

Published2008年4月25日

Last Modified2026年4月23日

Vulnerability Description

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.

Affected Platforms (CPE)

📦

Ibm

Lotus Expeditor Client

= 6.1.1

📦

Ibm

Lotus Expeditor Client

= 6.1.2

📦

Ibm

Lotus Symphany

All versions

References & Advisories

🔗 http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.html

🔗 http://secunia.com/advisories/29958

🔗 http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability

🔗 http://www-1.ibm.com/support/docview.wss?uid=swg21303813

🔗 http://www.securityfocus.com/archive/1/491343/100/0/threaded

🔗 http://www.securityfocus.com/bid/28926

🔗 http://www.securitytracker.com/id?1019951

🔗 http://www.securitytracker.com/id?1019952

相關漏洞威脅

CVE-2008-034510.0

Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, ak...

CVE-2008-524410.0

Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the la...

CVE-2008-034410.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote a...

CVE-2008-034710.0

Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, a...