Summary
This host is installed with IBM Lotus Notes and is prone to a remote code execution vulnerability.
Impact
Successful exploitation will allow attackers to execute arbitrary code via malicious URLs.
Impact Level: System/Application
Solution
Upgrade to IBM Lotus Notes 8.5.3 FP2 or later.
For updates, refer to http://www-304.ibm.com/support/docview.wss?uid=swg21598348
Insight
An error exists within the URL handler that allows attackers to execute commands on the target.
Affected
IBM Lotus Notes Version 8.x before 8.5.3 FP2 on Windows
References
- http://packetstormsecurity.com/files/119058/IBM-Lotus-Notes-Client-URL-Handler-Command-Injection.html
- http://secunia.com/advisories/49601
- http://securitytracker.com/id?1027427
- http://www.exploit-db.com/exploits/23650
- http://www.osvdb.org/83063
- http://www.zerodayinitiative.com/advisories/ZDI-12-154
- http://xforce.iss.net/xforce/xfdb/75320
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2012-2174
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C