IBM Lotus Symphony Image Object Integer Overflow Vulnerability (Linux) Network Vulnerability

Summary

This host is installed with IBM Lotus Symphony and is prone to integer overflow vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary code in the context of affected applications. Failed exploit attempts will likely result in denial-of-service conditions. Impact Level: Application

Solution

Upgrade to IBM Lotus Symphony version 3.0.1 or later, For updates refer to http://www.ibm.com/software/lotus/symphony/home.nsf/home

Insight

The flaw is due to an integer overflow error when processing embedded image objects. This can be exploited to cause a heap-based buffer overflow via a specially crafted JPEG object within a DOC file.

Affected

IBM Lotus Symphony versions 3.0.0 FP3 and prior.

References

http://secunia.com/advisories/47245
http://www-01.ibm.com/support/docview.wss?uid=swg21578684
http://www.securityfocus.com/bid/51591
http://xforce.iss.net/xforce/xfdb/72424

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0192

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)
Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)
Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)

Take action and discover your vulnerabilities