(0day) IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability

CVE ID

CVE-2011-0912

CVSS Score

7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Vendors

IBM

Affected Products

Lotus Notes

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability.

The specific flaw exists within the handling of malformed strings within cai:// URIs. The '--launcher.library' switch can be injected and directed to load a DLL from a network share. This will result in code execution under the context of the current user.

Vendor Response

http://www-01.ibm.com/support/docview.wss?uid=swg21461514

Disclosure Timeline

2009-12-18 - Vulnerability reported to vendor
2011-02-07 - Coordinated public release of advisory

Credit

rgod

Published Advisories

ZDI-13-079: Oracle

• published 2013-05-10

ZDI-13-078: Oracle

• published 2013-05-10

ZDI-13-077: Oracle

• published 2013-05-10

ZDI-13-076: Oracle

• published 2013-05-10

ZDI-13-075: Oracle

• published 2013-05-10

Upcoming Advisories

Oracle

• reported 2013-05-14, 0 days ago

Adobe

• reported 2013-05-14, 0 days ago

Oracle

• reported 2013-05-14, 0 days ago

Apple

• reported 2013-05-14, 0 days ago

IBM

• reported 2013-05-14, 0 days ago

Recent Press

Google offers $20,000 prize in annual hack-off

• published Feb. 2, 2011, The Register

Pwn2Own 2011: Google offering $20,000 for Chrome sandbox ...

• published Feb. 2, 2011, ZDNet

Google Offers Bucks For Bugs In Its Web ...

• published Nov. 2, 2010, Dark Reading

How Microsoft ranks with the most tardy bug ...

• published Aug. 5, 2010, Network World

HP TippingPoint gives deadline to vendors

• published Aug. 5, 2010, International Business Times