Vulnerability Name: | CVE-2012-0192 (CCN-72424)
Assigned: | 2011-12-14
Published: | 2012-01-19
Updated: | 2017-08-29
Summary: | Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
 | 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
 | 6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-189
Vulnerability Consequences: | Gain Access
References: |
 | Source: MITRE Type: CNA CVE-2012-0192
 | Source: OSVDB Type: UNKNOWN 78345
 | Source: CCN Type: SA47245 IBM Lotus Symphony Image Processing Integer Overflow Vulnerability
 | Source: SECUNIA Type: Vendor Advisory 47245
 | Source: CCN Type: IBM Security Bulletin 1578684 Vulnerability in IBM Lotus Symphony related to graphic objects loading (CVE-2012-0192)
 | Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21578684
 | Source: CCN Type: OSVDB ID: 78345 IBM Lotus Symphony Embedded Image File Handling Remote Overflow
 | Source: BID Type: UNKNOWN 51591
 | Source: CCN Type: BID-51591 IBM Lotus Symphony Image Object Integer Overflow Vulnerability
 | Source: XF Type: UNKNOWN lotus-symphony-vclmi-bo(72424)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: