8 results (0.001 seconds)

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1.3.0 20090908.0900 allow local users to gain privileges via a Trojan horse (1) eclipse_1114.dll or (2) emser645mi.dll file in the current working directory, as demonstrated by a directory that contains a .odm, .odt, .otp, .stc, .stw, .sxg, or .sxw file. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de ruta de búsqueda no confiable en IBM Lotus Symphony 1.3.0 20090908.0900 permite a usuarios locales obtener privilegios a través de un caballo de troya (1) eclipse_1114.dll o (2) Archivo emser645mi.dll en el directorio de trabajo actual, como lo demuestra un directorio que contiene un archivo. odm,. odt,. otp,. stc,. stw,. sxg, o. sxw. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros. • http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bibm_lotus_symphony%5D_3-beta-4_insecure_dll_hijacking http://secunia.com/advisories/41400 •

CVSS: 9.3EPSS: 12%CPEs: 4EXPL: 0

Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file. Múltiples desbordamientos de enteros en vclmi.dll en el módulo de biblioteca de clases visuales de IBM Lotus Symphony antes de v3.0.1 podrían permitir a atacantes remotos ejecutar código de su elección a través de un objeto de imagen (1) JPEG o (2) PNG integrado en un documento Symphony que desencadena un desbordamiento de buffer basado en memoria dinámica, tal y como se demuestra con un archivo .doc. • http://osvdb.org/78345 http://secunia.com/advisories/47245 http://www-01.ibm.com/support/docview.wss?uid=swg21578684 http://www.securityfocus.com/bid/51591 https://exchange.xforce.ibmcloud.com/vulnerabilities/72424 • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues." Múltiples vulnerabilidades no especificadas en IBM Lotus Symphony 3 anteriores a FP3 tienen un impacto desconocido y vectores de ataque, relacionado con "temas críticos de vulnerabilidades de seguridad." • http://secunia.com/advisories/45271 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.osvdb.org/73988 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68892 https://www-304.ibm.com/jct03001c/software/lotus/symp •

CVSS: 4.3EPSS: 3%CPEs: 3EXPL: 0

IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc document that incorporates a user-defined toolbar. IBM Lotus Symphony 3 anterior a FP3 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un documento .doc que incorpora una barra de herramientas definida por el usuario. • http://osvdb.org/74159 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68891 https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_ • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 3%CPEs: 3EXPL: 0

IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation. IBM Lotus Symphony 3 anterior a FP3 permite a atacantes remotos causar una denegación de servicio (bloqueo de la aplicación) a través de gráficos complejos en una presentación. • http://osvdb.org/74165 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68888 https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_ • CWE-399: Resource Management Errors •