CVSS: 9.3EPSS: 12%CPEs: 4EXPL: 0CVE-2012-0192
https://notcve.org/view.php?id=CVE-2012-0192
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file. Múltiples desbordamientos de enteros en vclmi.dll en el módulo de biblioteca de clases visuales de IBM Lotus Symphony antes de v3.0.1 podrían permitir a atacantes remotos ejecutar código de su elección a través de un objeto de imagen (1) JPEG o (2) PNG integrado en un documento Symphony que desencadena un desbordamiento de buffer basado en memoria dinámica, tal y como se demuestra con un archivo .doc. • http://osvdb.org/78345 http://secunia.com/advisories/47245 http://www-01.ibm.com/support/docview.wss?uid=swg21578684 http://www.securityfocus.com/bid/51591 https://exchange.xforce.ibmcloud.com/vulnerabilities/72424 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2011-2884
https://notcve.org/view.php?id=CVE-2011-2884
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues." Múltiples vulnerabilidades no especificadas en IBM Lotus Symphony 3 anteriores a FP3 tienen un impacto desconocido y vectores de ataque, relacionado con "temas críticos de vulnerabilidades de seguridad." • http://secunia.com/advisories/45271 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.osvdb.org/73988 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68892 https://www-304.ibm.com/jct03001c/software/lotus/symp •
CVSS: 4.3EPSS: 3%CPEs: 3EXPL: 0CVE-2011-2885
https://notcve.org/view.php?id=CVE-2011-2885
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc document that incorporates a user-defined toolbar. IBM Lotus Symphony 3 anterior a FP3 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un documento .doc que incorpora una barra de herramientas definida por el usuario. • http://osvdb.org/74159 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68891 https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_ • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 3%CPEs: 3EXPL: 0CVE-2011-2888
https://notcve.org/view.php?id=CVE-2011-2888
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation. IBM Lotus Symphony 3 anterior a FP3 permite a atacantes remotos causar una denegación de servicio (bloqueo de la aplicación) a través de gráficos complejos en una presentación. • http://osvdb.org/74165 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68888 https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_ • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 3%CPEs: 3EXPL: 0CVE-2011-2886
https://notcve.org/view.php?id=CVE-2011-2886
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via a .docx document with empty bullet styles for parent bullets. IBM Lotus Symphony 3 anterior a FP3 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un documento .Docx con estilos de viñetas vacías para «viñetas padre». • http://osvdb.org/74160 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68890 https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_ • CWE-399: Resource Management Errors •