CVE-2012-0192 Information

Description

Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow as demonstrated by a .doc file.

Reference

http://osvdb.org/78345 http://secunia.com/advisories/47245 http://www.securityfocus.com/bid/51591 http://www-01.ibm.com/support/docview.wss?uid=swg21578684 https://exchange.xforce.ibmcloud.com/vulnerabilities/72424