9.3
CVE-2012-0192
- EPSS 5.2%
- Veröffentlicht 23.01.2012 15:55:00
- Zuletzt bearbeitet 16.06.2026 23:36:52
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Lotus Symphony Version <= 3.0.0.3
Ibm ≫ Lotus Symphony Version1.3
Ibm ≫ Lotus Symphony Version3.0.0.1
Ibm ≫ Lotus Symphony Version3.0.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.2% | 0.914 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://osvdb.org/78345
http://secunia.com/advisories/47245
http://www-01.ibm.com/support/docview.wss?uid=swg21578684
http://www.securityfocus.com/bid/51591
https://exchange.xforce.ibmcloud.com/vulnerabilities/72424