CVE-2008-1965 Information

Feb 14, 2021 cve

Description

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2 as used by Lotus Symphony and possibly other products allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI as demonstrated by a reference to a UNC share pathname.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.html http://secunia.com/advisories/29958 http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability http://www.securityfocus.com/archive/1/491343/100/0/threaded http://www.securityfocus.com/bid/28926 http://www.securitytracker.com/id?1019951 http://www.securitytracker.com/id?1019952 http://www.vupen.com/english/advisories/2008/1394/references http://www-1.ibm.com/support/docview.wss?uid=swg21303813 https://exchange.xforce.ibmcloud.com/vulnerabilities/41990

Share on: