|
|||
Rule General Information |
---|
Release Date: | 2019-07-06 | |
Rule Name: | IBM Lotus Expeditor cai URI Handler Command Execution Vulnerability (CVE-2008-1965) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname. | |
Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
Reference: | SecurityFocusBID:28926 SecurityTrackerID:1019952 http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.html http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability |
|
Solutions |
---|
The vendors have released upgrade patches to fix vulnerabilities, please visit: http://www-01.ibm.com/support/docview.wss?rs=899&uid=swg21303813 |