CVE-2011-0912
IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.
Una vulnerabilidad de inyección de argumentos en Lotus Notes de IBM versiones 8.0.x anteriores a 8.0.2 FP6 y versiones 8.5.x anteriores a 8.5.1 FP5, permite a los atacantes remotos ejecutar código arbitrario por medio de una URL cai:// que contiene una opción --launcher.library que especifica un nombre de ruta (path) de recurso compartido UNC para un archivo DLL, también se conoce como SPR PRAD82YJW2.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability.
The specific flaw exists within the handling of malformed strings within cai:// URIs. The '--launcher.library' switch can be injected and directed to load a DLL from a network share. This will result in code execution under the context of the current user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-02-07 CVE Published
- 2011-02-08 CVE Reserved
- 2024-08-06 CVE Updated
- 2024-10-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://zerodayinitiative.com/advisories/ZDI-11-051 | X_refsource_misc | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14348 | Signature |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/43222 | 2017-09-19 | |
http://www-01.ibm.com/support/docview.wss?uid=swg21461514 | 2017-09-19 | |
http://www.vupen.com/english/advisories/2011/0295 | 2017-09-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.0 Search vendor "Ibm" for product "Lotus Notes" and version "8.0" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.0.1 Search vendor "Ibm" for product "Lotus Notes" and version "8.0.1" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.0.2 Search vendor "Ibm" for product "Lotus Notes" and version "8.0.2" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.0.2.0 Search vendor "Ibm" for product "Lotus Notes" and version "8.0.2.0" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.0.2.1 Search vendor "Ibm" for product "Lotus Notes" and version "8.0.2.1" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.0.2.2 Search vendor "Ibm" for product "Lotus Notes" and version "8.0.2.2" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.0.2.3 Search vendor "Ibm" for product "Lotus Notes" and version "8.0.2.3" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.0.2.4 Search vendor "Ibm" for product "Lotus Notes" and version "8.0.2.4" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.0.2.5 Search vendor "Ibm" for product "Lotus Notes" and version "8.0.2.5" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.5.0.0 Search vendor "Ibm" for product "Lotus Notes" and version "8.5.0.0" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.5.0.1 Search vendor "Ibm" for product "Lotus Notes" and version "8.5.0.1" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.5.1.0 Search vendor "Ibm" for product "Lotus Notes" and version "8.5.1.0" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.5.1.1 Search vendor "Ibm" for product "Lotus Notes" and version "8.5.1.1" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.5.1.2 Search vendor "Ibm" for product "Lotus Notes" and version "8.5.1.2" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.5.1.3 Search vendor "Ibm" for product "Lotus Notes" and version "8.5.1.3" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 8.5.1.4 Search vendor "Ibm" for product "Lotus Notes" and version "8.5.1.4" | - |
Affected
|