CVE-2008-2499

2008-05-2916:32:00

CWE-119

mitre

web.nvd.nist.gov

cve-2008-2499

stack-based buffer overflow

ibm lotus sametime

remote code execution

crafted url

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.969

Percentile

99.7%

JSON

Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.

Affected configurations

Nvd

Node

ibmlotus_sametimeRange≤7.5

ibmlotus_sametimeRange8.0–8.0.1

ibmlotus_sametimeMatch7.5.1cf1

VendorProductVersionCPE
ibmlotus_sametime*cpe:2.3:a:ibm:lotus_sametime:*:*:*:*:*:*:*:*
ibmlotus_sametime7.5.1cpe:2.3:a:ibm:lotus_sametime:7.5.1:cf1:*:*:*:*:*:*