CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5204
https://notcve.org/view.php?id=CVE-2010-5204
Multiple untrusted search path vulnerabilities in IBM Lotus Symphony 1.3.0 20090908.0900 allow local users to gain privileges via a Trojan horse (1) eclipse_1114.dll or (2) emser645mi.dll file in the current working directory, as demonstrated by a directory that contains a .odm, .odt, .otp, .stc, .stw, .sxg, or .sxw file. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de ruta de búsqueda no confiable en IBM Lotus Symphony 1.3.0 20090908.0900 permite a usuarios locales obtener privilegios a través de un caballo de troya (1) eclipse_1114.dll o (2) Archivo emser645mi.dll en el directorio de trabajo actual, como lo demuestra un directorio que contiene un archivo. odm,. odt,. otp,. stc,. stw,. sxg, o. sxw. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros. • http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bibm_lotus_symphony%5D_3-beta-4_insecure_dll_hijacking http://secunia.com/advisories/41400 •
CVSS: 9.3EPSS: 12%CPEs: 4EXPL: 0CVE-2012-0192
https://notcve.org/view.php?id=CVE-2012-0192
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file. Múltiples desbordamientos de enteros en vclmi.dll en el módulo de biblioteca de clases visuales de IBM Lotus Symphony antes de v3.0.1 podrían permitir a atacantes remotos ejecutar código de su elección a través de un objeto de imagen (1) JPEG o (2) PNG integrado en un documento Symphony que desencadena un desbordamiento de buffer basado en memoria dinámica, tal y como se demuestra con un archivo .doc. • http://osvdb.org/78345 http://secunia.com/advisories/47245 http://www-01.ibm.com/support/docview.wss?uid=swg21578684 http://www.securityfocus.com/bid/51591 https://exchange.xforce.ibmcloud.com/vulnerabilities/72424 • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 3%CPEs: 3EXPL: 0CVE-2011-2885
https://notcve.org/view.php?id=CVE-2011-2885
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc document that incorporates a user-defined toolbar. IBM Lotus Symphony 3 anterior a FP3 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un documento .doc que incorpora una barra de herramientas definida por el usuario. • http://osvdb.org/74159 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68891 https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_ • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 3%CPEs: 4EXPL: 0CVE-2011-2887
https://notcve.org/view.php?id=CVE-2011-2887
IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document. IBM Lotus Symphony 3 anterior a FP3 en Linux permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un documento de ejemplo determinado. • http://osvdb.org/74163 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68889 https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_ • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2011-2884
https://notcve.org/view.php?id=CVE-2011-2884
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues." Múltiples vulnerabilidades no especificadas en IBM Lotus Symphony 3 anteriores a FP3 tienen un impacto desconocido y vectores de ataque, relacionado con "temas críticos de vulnerabilidades de seguridad." • http://secunia.com/advisories/45271 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.osvdb.org/73988 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68892 https://www-304.ibm.com/jct03001c/software/lotus/symp •