Vulnerability Name:

CVE-2007-1784 (CCN-33314)

Assigned:2007-03-29
Published:2007-03-29
Updated:2017-07-29
Summary:The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function.
This vulnerability is addressed in the following product advisory:
http://www-1.ibm.com/support/docview.wss?uid=swg21257029
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-1784

Source: IDEFENSE
Type: UNKNOWN
20070329 IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability

Source: CCN
Type: SECTRACK ID: 1017828
IBM Lotus Sametime Buffer Overflow in STJNILoader.ocx ActiveX Control Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: IBM Technote (FAQ) 1257029
IBM Lotus Sametime JNILoader Vulnerability

Source: CONFIRM
Type: Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21257029

Source: CCN
Type: OSVDB ID: 35211
IBM Lotus Sametime JNILoader ActiveX (STJNILoader.ocx) Remote Code Execution

Source: BID
Type: UNKNOWN
23201

Source: CCN
Type: BID-23201
IBM Lotus SameTime STJNILoader.OCX ActiveX Control LoadLibrary Input Validation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1017828

Source: XF
Type: UNKNOWN
sametime-stjniloader-code-execution(33314)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 03.29.07
IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:lotus_sametime:*:*:*:*:*:*:*:* (Version <= 7.0)
  • OR cpe:/a:ibm:lotus_sametime:7.5:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:ibm:lotus_sametime:7.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    ibm lotus sametime *
    ibm lotus sametime 7.5
    ibm lotus sametime 7.0