CVE-2009-3518 Information

Description

Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier as used in IBM Rational Robot and Rational Team Concert allows remote attackers to load arbitrary DLL files via the -vm option as demonstrated by a reference to a UNC share pathname.

Reference

http://retrogod.altervista.org/9sg_ibm_uri.html http://secunia.com/advisories/36906 http://www.vupen.com/english/advisories/2009/2792