IBM Lotus Symphony Image Object Integer Overflow Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with IBM Lotus Symphony and is prone to integer overflow vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary code in the context of affected applications. Failed exploit attempts will likely result in denial-of-service conditions. Impact Level: Application

Solution

Upgrade to IBM Lotus Symphony version 3.0.1 or later, For updates refer to http://www.ibm.com/software/lotus/symphony/home.nsf/home

Insight

The flaw is due to an integer overflow error when processing embedded image objects. This can be exploited to cause a heap-based buffer overflow via a specially crafted JPEG object within a DOC file.

Affected

IBM Lotus Symphony versions 3.0.0 FP3 and prior.

References

http://secunia.com/advisories/47245
http://www-01.ibm.com/support/docview.wss?uid=swg21578684
http://www.securityfocus.com/bid/51591
http://xforce.iss.net/xforce/xfdb/72424

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0192

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Remote Code Execution Vulnerability(Win)
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)
Adobe AIR Multiple Vulnerabilities -01 Feb13 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)

Take action and discover your vulnerabilities