CVE-2012-0192: Buffer Overflow
First published: Mon Jan 23 2012(Updated: )
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Lotus Symphony | <=3.0.0.3 | |
| IBM Lotus Symphony | =1.3 | |
| IBM Lotus Symphony | =3.0.0.1 | |
| IBM Lotus Symphony | =3.0.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm lotus symphony
- version/ibm lotus symphony/3.0.0.3
- version/ibm lotus symphony/1.3
- version/ibm lotus symphony/3.0.0.1
- version/ibm lotus symphony/3.0.0.2