Added: 05/30/2008
CVE: CVE-2008-2499
BID: 29328
OSVDB: 45610
IBM Lotus Sametime is enterprise instant messaging and web conferencing software.
A buffer overflow vulnerability in the Community Services Multiplexer allows remote attackers to execute arbitrary commands by requesting a long, specially crafted URL.
Upgrade to Sametime 8.0.1 or apply one of the workarounds described in the Technote.
<http://www.zerodayinitiative.com/advisories/ZDI-08-028/>
Exploit works on IBM Lotus Sametime 8.0.
Windows 2000
Windows Server 2003