This host is installed with IBM Lotus Symphony and is prone to multiple untrusted search path vulnerabilities.

Successful exploitation will allow attacker to execute arbitrary code on the target system. Impact Level: System/Application

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. Apply the woraround from below links http://support.microsoft.com/kb/2264107 http://technet.microsoft.com/en-us/security/advisory/2269637#EGF

The flaw is due to the way it loads dynamic-link libraries (e.g. eclipse_1114.dll and emser645mi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a ODT, STW, or SXW file located on a remote WebDAV or SMB share.

IBM Lotus Symphony version 1.3.0 Revision 20090908.0900

• http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bibm_lotus_symphony%5D_3-beta-4_insecure_dll_hijacking
• http://seclists.org/fulldisclosure/2010/Sep/220
• http://secunia.com/advisories/41400
• http://support.microsoft.com/kb/2264107
• http://www.osvdb.org/show/osvdb/68010

---

Updated on 2017-03-28