Lucene search

MitreCVE-2011-0912

HistoryFeb 08, 2011 - 10:00 p.m.

CVE-2011-0912

2011-02-0822:00:02

CWE-20

mitre

web.nvd.nist.gov

cve

ibm

lotus notes

vulnerability

remote code execution

spr prad82yjw2

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.11

Percentile

95.2%

JSON

Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.

Affected configurations

Nvd

Node

ibmlotus_notesMatch8.0

ibmlotus_notesMatch8.0.1

ibmlotus_notesMatch8.0.2

ibmlotus_notesMatch8.0.2.0

ibmlotus_notesMatch8.0.2.1

ibmlotus_notesMatch8.0.2.2

ibmlotus_notesMatch8.0.2.3

ibmlotus_notesMatch8.0.2.4

ibmlotus_notesMatch8.0.2.5

Node

ibmlotus_notesMatch8.5.0.0

ibmlotus_notesMatch8.5.0.1

ibmlotus_notesMatch8.5.1.0

ibmlotus_notesMatch8.5.1.1

ibmlotus_notesMatch8.5.1.2

ibmlotus_notesMatch8.5.1.3

ibmlotus_notesMatch8.5.1.4

VendorProductVersionCPE
ibmlotus_notes8.0cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
ibmlotus_notes8.0.1cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*
ibmlotus_notes8.0.2cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*
ibmlotus_notes8.0.2.0cpe:2.3:a:ibm:lotus_notes:8.0.2.0:*:*:*:*:*:*:*
ibmlotus_notes8.0.2.1cpe:2.3:a:ibm:lotus_notes:8.0.2.1:*:*:*:*:*:*:*
ibmlotus_notes8.0.2.2cpe:2.3:a:ibm:lotus_notes:8.0.2.2:*:*:*:*:*:*:*
ibmlotus_notes8.0.2.3cpe:2.3:a:ibm:lotus_notes:8.0.2.3:*:*:*:*:*:*:*
ibmlotus_notes8.0.2.4cpe:2.3:a:ibm:lotus_notes:8.0.2.4:*:*:*:*:*:*:*
ibmlotus_notes8.0.2.5cpe:2.3:a:ibm:lotus_notes:8.0.2.5:*:*:*:*:*:*:*
ibmlotus_notes8.5.0.0cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_notes	8.0	cpe:2.3:a:ibm:lotus_notes:8.0:::::::*
ibm	lotus_notes	8.0.1	cpe:2.3:a:ibm:lotus_notes:8.0.1:::::::*
ibm	lotus_notes	8.0.2	cpe:2.3:a:ibm:lotus_notes:8.0.2:::::::*
ibm	lotus_notes	8.0.2.0	cpe:2.3:a:ibm:lotus_notes:8.0.2.0:::::::*
ibm	lotus_notes	8.0.2.1	cpe:2.3:a:ibm:lotus_notes:8.0.2.1:::::::*
ibm	lotus_notes	8.0.2.2	cpe:2.3:a:ibm:lotus_notes:8.0.2.2:::::::*
ibm	lotus_notes	8.0.2.3	cpe:2.3:a:ibm:lotus_notes:8.0.2.3:::::::*
ibm	lotus_notes	8.0.2.4	cpe:2.3:a:ibm:lotus_notes:8.0.2.4:::::::*
ibm	lotus_notes	8.0.2.5	cpe:2.3:a:ibm:lotus_notes:8.0.2.5:::::::*
ibm	lotus_notes	8.5.0.0	cpe:2.3:a:ibm:lotus_notes:8.5.0.0:::::::*

Rows per page:

1-10 of 161

References

secunia.com/advisories/43222

www-01.ibm.com/support/docview.wss?uid=swg21461514

www.vupen.com/english/advisories/2011/0295

zerodayinitiative.com/advisories/ZDI-11-051/

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14348

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.11

Percentile

95.2%

JSON

Related for CVE-2011-0912