// For flags

CVE-2011-0912

IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.

Una vulnerabilidad de inyección de argumentos en Lotus Notes de IBM versiones 8.0.x anteriores a 8.0.2 FP6 y versiones 8.5.x anteriores a 8.5.1 FP5, permite a los atacantes remotos ejecutar código arbitrario por medio de una URL cai:// que contiene una opción --launcher.library que especifica un nombre de ruta (path) de recurso compartido UNC para un archivo DLL, también se conoce como SPR PRAD82YJW2.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability.
The specific flaw exists within the handling of malformed strings within cai:// URIs. The '--launcher.library' switch can be injected and directed to load a DLL from a network share. This will result in code execution under the context of the current user.

*Credits: rgod
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-02-07 CVE Published
  • 2011-02-08 CVE Reserved
  • 2024-08-06 CVE Updated
  • 2024-10-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.0
Search vendor "Ibm" for product "Lotus Notes" and version "8.0"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.0.1
Search vendor "Ibm" for product "Lotus Notes" and version "8.0.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.0.2
Search vendor "Ibm" for product "Lotus Notes" and version "8.0.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.0.2.0
Search vendor "Ibm" for product "Lotus Notes" and version "8.0.2.0"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.0.2.1
Search vendor "Ibm" for product "Lotus Notes" and version "8.0.2.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.0.2.2
Search vendor "Ibm" for product "Lotus Notes" and version "8.0.2.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.0.2.3
Search vendor "Ibm" for product "Lotus Notes" and version "8.0.2.3"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.0.2.4
Search vendor "Ibm" for product "Lotus Notes" and version "8.0.2.4"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.0.2.5
Search vendor "Ibm" for product "Lotus Notes" and version "8.0.2.5"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.5.0.0
Search vendor "Ibm" for product "Lotus Notes" and version "8.5.0.0"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.5.0.1
Search vendor "Ibm" for product "Lotus Notes" and version "8.5.0.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.5.1.0
Search vendor "Ibm" for product "Lotus Notes" and version "8.5.1.0"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.5.1.1
Search vendor "Ibm" for product "Lotus Notes" and version "8.5.1.1"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.5.1.2
Search vendor "Ibm" for product "Lotus Notes" and version "8.5.1.2"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.5.1.3
Search vendor "Ibm" for product "Lotus Notes" and version "8.5.1.3"
-
Affected
Ibm
Search vendor "Ibm"
Lotus Notes
Search vendor "Ibm" for product "Lotus Notes"
8.5.1.4
Search vendor "Ibm" for product "Lotus Notes" and version "8.5.1.4"
-
Affected