Detections
Analytics
IBM Lotus Symphony < 3.0.1 Fix Pack 2 Multiple Vulnerabilities
high Nessus Plugin ID 63266
Language:
Synopsis
The remote host has an application installed that is affected by multiple vulnerabilities.Description
The version of IBM Lotus Symphony is a version prior to 3.0.1 Fix Pack 2. Such versions are affected by multiple vulnerabilities :- Flaws exist in the way certain XML components are processed for external entities in ODF documents.
These flaws can be utilized to access and inject the content of local files into an ODF document without a user's knowledge or permission, or inject arbitrary code that would be executed when opened by the user.
(CVE-2012-0037)
- An integer overflow error exists in 'vclmi.dll' that can allow heap-based buffer overflows when handling embedded image objects. (CVE-2012-1149)
- Memory checking errors exist in 'filter/source/msfilter msdffimp.cxx' that can be triggered when processing PowerPoint graphics records.
These errors can allow denial of service attacks.
(CVE-2012-2334)
- Errors exist related to XML tag handling and base64 decoding that can lead to heap-based buffer overflows.
(CVE-2012-2665)
Solution
Upgrade to IBM Lotus Symphony 3.0.1 Fix Pack 2 (3.0.1.20121012-2300) or later.See Also
Plugin Details
Severity: High
ID: 63266
File Name: lotus_symphony_3_0_1_fp2.nasl
Version: 1.6
Type: local
Agent: windows
Family: Windows
Published: 12/14/2012
Updated: 12/4/2019
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2012-2665
Vulnerability Information
CPE: cpe:/a:ibm:lotus_symphony
Required KB Items: SMB/Lotus_Symphony/Installed
Exploit Ease: No known exploits are available
Patch Publication Date: 11/29/2012
Vulnerability Publication Date: 3/22/2012
Reference Information
CVE: CVE-2012-0037, CVE-2012-1149, CVE-2012-2334, CVE-2012-2665
BID: 56755