← voltar
CVE-2008-1965

CVE-2008-1965

EPSS 10.7%
Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.
Produtos afetados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/31706não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.htmlhttp://secunia.com/advisories/29958https://exchange.xforce.ibmcloud.com/vulnerabilities/41990http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerabilityhttp://www-1.ibm.com/support/docview.wss?uid=swg21303813http://www.securityfocus.com/archive/1/491343/100/0/threadedhttp://www.securityfocus.com/bid/28926http://www.securitytracker.com/id?1019951http://www.securitytracker.com/id?1019952http://www.vupen.com/english/advisories/2008/1394/references