Vulnerability Description
Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Lotus Expeditor Client | 6.1.1 |
| Ibm | Lotus Symphany | All versions |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.htmlExploit
- http://secunia.com/advisories/29958
- http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability
- http://www-1.ibm.com/support/docview.wss?uid=swg21303813
- http://www.securityfocus.com/archive/1/491343/100/0/threaded
- http://www.securityfocus.com/bid/28926Exploit
- http://www.securitytracker.com/id?1019951
- http://www.securitytracker.com/id?1019952
- http://www.vupen.com/english/advisories/2008/1394/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41990
- http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.htmlExploit
- http://secunia.com/advisories/29958
- http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability
- http://www-1.ibm.com/support/docview.wss?uid=swg21303813
- http://www.securityfocus.com/archive/1/491343/100/0/threaded
FAQ
What is CVE-2008-1965?
CVE-2008-1965 is a vulnerability with a CVSS score of 9.3 (HIGH). Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote ...
How severe is CVE-2008-1965?
CVE-2008-1965 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1965?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Lotus Expeditor Client, Ibm Lotus Symphany.