9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.11 Low
EPSS
Percentile
95.2%
The version of IBM Lotus Symphony on the remote host was found to be earlier than 3.0.1. As such, it is reportedly affected by multiple integer overflows in vlcmi.dll. These vulnerabilities can be triggered by a malicious JPEG or PNG image object embedded in a .DOC file, resulting in arbitrary code execution.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(59109);
script_version("1.3");
script_cvs_date("Date: 2018/07/14 1:59:37");
script_cve_id("CVE-2012-0192");
script_bugtraq_id(51591);
script_name(english:"IBM Lotus Symphony < 3.0.1 Embedded Image File Handling Remote Overflows");
script_summary(english:"Checks version of IBM Lotus Symphony");
script_set_attribute(
attribute:"synopsis",
value:
"The remote host has an application that is affected by multiple
integer overflows."
);
script_set_attribute(
attribute:"description",
value:
"The version of IBM Lotus Symphony on the remote host was found to be
earlier than 3.0.1. As such, it is reportedly affected by multiple
integer overflows in vlcmi.dll. These vulnerabilities can be
triggered by a malicious JPEG or PNG image object embedded in a .DOC
file, resulting in arbitrary code execution."
);
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21578684");
script_set_attribute(
attribute:"solution",
value:"Upgrade to IBM Lotus Symphony 3.0.1 or later."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/20");
script_set_attribute(attribute:"patch_publication_date", value:"2012/01/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:lotus_symphony");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
script_dependencies("lotus_symphony_installed.nasl");
script_require_keys("SMB/Lotus_Symphony/Installed");
exit(0);
}
include("global_settings.inc");
include("misc_func.inc");
include("audit.inc");
appname = "Lotus Symphony";
kb_base = "SMB/Lotus_Symphony/";
port = get_kb_item("SMB/transport");
get_kb_item_or_exit(kb_base + "Installed");
version = get_kb_item_or_exit(kb_base + "Version");
# extract build timestamp
item = eregmatch(pattern:"([0-9]+)-([0-9]+)$", string:version);
if (isnull(item)) exit(1, "Error parsing the version string ("+version+").");
# date/time
dt = int(item[1]);
tm = int(item[2]);
if (
dt < 20120110 ||
(dt == 20120110 && tm < 2000)
)
{
if (report_verbosity > 0)
{
path = get_kb_item(kb_base + "Path");
ver_ui = get_kb_item(kb_base + "Version_UI");
report = '\n Path : ' + path +
'\n Installed version : ' + ver_ui +
'\n Fixed version : 3.0.1 (3.0.1.20120110-2000)\n';
security_hole(port:port,extra:report);
}
else security_hole(port);
exit(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, appname, version);
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | lotus_symphony | cpe:/a:ibm:lotus_symphony |