CVE-2011-0912 - OpenCVE

Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Lotus Notes

Configuration 1 [-]

OR	cpe:2.3:a:ibm:lotus_notes:8.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.0.1:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.0.2:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.0.2.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.0.2.1:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.0.2.2:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.0.2.3:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.0.2.4:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.0.2.5:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:ibm:lotus_notes:8.5.0.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.5.0.1:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.5.1.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.5.1.1:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.5.1.2:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.5.1.3:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.5.1.4:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/43222
http://www-01.ibm.com/support/docview.wss?uid=swg21461514
http://www.vupen.com/english/advisories/2011/0295
http://zerodayinitiative.com/advisories/ZDI-11-051/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14348

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-02-08T21:00:00

Updated: 2024-08-06T22:05:54.532Z

Reserved: 2011-02-08T00:00:00

Link: CVE-2011-0912

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-02-08T22:00:02.367

Modified: 2017-09-19T01:32:15.630

Link: CVE-2011-0912

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-02-04T00:00:00", "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://zerodayinitiative.com/advisories/ZDI-11-051/"}, {"name": "43222", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43222"}, {"name": "oval:org.mitre.oval:def:14348", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14348"}, {"name": "ADV-2011-0295", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0295"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0912", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://zerodayinitiative.com/advisories/ZDI-11-051/", "refsource": "MISC", "url": "http://zerodayinitiative.com/advisories/ZDI-11-051/"}, {"name": "43222", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43222"}, {"name": "oval:org.mitre.oval:def:14348", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14348"}, {"name": "ADV-2011-0295", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0295"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:05:54.532Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://zerodayinitiative.com/advisories/ZDI-11-051/"}, {"name": "43222", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43222"}, {"name": "oval:org.mitre.oval:def:14348", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14348"}, {"name": "ADV-2011-0295", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0295"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0912", "datePublished": "2011-02-08T21:00:00", "dateReserved": "2011-02-08T00:00:00", "dateUpdated": "2024-08-06T22:05:54.532Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "692E295E-E650-42D5-AF7A-D6276C3D76E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "50660BA1-A24A-4DBF-AB59-1CF04FA54120", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5759CBCB-7B3F-462A-B51A-FD2C6B13CCE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "69A79FA5-83FB-4067-B2A6-17EAF3947998", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "17815F4E-BB34-40D2-A3EE-3C7741940D1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7DE79982-9E92-498A-B961-55CB1D2D104F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6814E3F-479C-4F56-BF66-C685E60CCA34", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "BB9EF5DE-4432-4099-AD59-CDD52E387BB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A1013797-0442-46A7-A94F-354388BA6B69", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "57D24791-E798-4B08-A051-E880DEFB8268", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2758590C-67FD-4DD6-84C1-0D32264BBE5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B0CF8A5-BC24-4204-BC06-2E1E2FB60E4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDA723DB-62C5-4C84-B0BA-5313FDA49D73", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "92F08B96-D43E-407E-839C-4C3C5BB58B2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E50C779-C780-45FB-BC77-B9717389D2EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "867779A4-A7A5-48AD-9AC0-C6476719A5EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de argumentos en Lotus Notes de IBM versiones 8.0.x anteriores a 8.0.2 FP6 y versiones 8.5.x anteriores a 8.5.1 FP5, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una URL cai:// que contiene una opci\u00f3n --launcher.library que especifica un nombre de ruta (path) de recurso compartido UNC para un archivo DLL, tambi\u00e9n se conoce como SPR PRAD82YJW2."}], "id": "CVE-2011-0912", "lastModified": "2017-09-19T01:32:15.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-02-08T22:00:02.367", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43222"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0295"}, {"source": "cve@mitre.org", "url": "http://zerodayinitiative.com/advisories/ZDI-11-051/"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14348"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}