IBM Lotus Symphony < 3.0.1 Embedded Image File Handling Remote Overflows

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected by multiple
integer overflows.

Description :

The version of IBM Lotus Symphony on the remote host was found to be
earlier than 3.0.1. As such, it is reportedly affected by multiple
integer overflows in vlcmi.dll. These vulnerabilities can be
triggered by a malicious JPEG or PNG image object embedded in a .DOC
file, resulting in arbitrary code execution.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21578684

Solution :

Upgrade to IBM Lotus Symphony 3.0.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 59109

Bugtraq ID: 51591

CVE ID: CVE-2012-0192
