CVE Record: CVE-2008-1965

Required CVE Record Information

Description

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.

Product Status

Learn more

Information not provided

References 10 Total

Updated: 2024-08-07

This container includes required additional information provided by the CVE Program for this vulnerability.

References 10 Total

securityfocus.com: 28926
external site
vdb-entryx_transferred
securitytracker.com: 1019952
external site
vdb-entryx_transferred
vupen.com: ADV-2008-1394
external site
vdb-entryx_transferred
archives.neohapsis.com: 20080424 Lotus expeditor rcplauncher uri handler vulnerability
external site
mailing-listx_transferred
securitytracker.com: 1019951
external site
vdb-entryx_transferred
exchange.xforce.ibmcloud.com: ibm-lotussymphony-rcplauncher-code-execution(41990)
external site
vdb-entryx_transferred
secunia.com: 29958
external site
third-party-advisoryx_transferred
http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability
external site
x_transferred
securityfocus.com: 20080425 Lotus expeditor rcplauncher uri handler vulnerability
external site
mailing-listx_transferred
http://www-1.ibm.com/support/docview.wss?uid=swg21303813
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 10 Total

CVE Program

References 10 Total