Secunia Security Advisory - Thomas Pollet has reported a vulnerability in IBM Lotus Expeditor, which can be exploited by malicious people to compromise a user's system.
016a711b49fc7e707a8ee21a9054e0d03398cc2615eecade3e49dcbd3f498832
----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated.
Learn more:
https://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
IBM Lotus Expeditor Client for Desktop "cai" URI Handler Code
Execution
SECUNIA ADVISORY ID:
SA29958
VERIFY ADVISORY:
https://secunia.com/advisories/29958/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
REVISION:
1.2 originally posted 2008-04-30
SOFTWARE:
IBM Lotus Expeditor 6.x
https://secunia.com/product/18525/
DESCRIPTION:
Thomas Pollet has reported a vulnerability in IBM Lotus Expeditor,
which can be exploited by malicious people to compromise a user's
system.
The problem is that the application registers the "cai" URI handler,
which allows launching rcplauncher.exe with arbitrary command line
arguments. This can be exploited to execute arbitrary programs via
the "-launcher" argument.
The vulnerability affects Lotus Expeditor Client for Desktop versions
6.1.0, 6.1.1, and 6.1.2 on Windows systems using Internet Explorer.
SOLUTION:
Please contact IBM support for the patch.
PROVIDED AND/OR DISCOVERED BY:
Thomas Pollet
CHANGELOG:
2008-05-01: Updated "Description" section to include specific
affected versions.
2008-05-02: Added CVE reference.
ORIGINAL ADVISORY:
IBM:
https://www-1.ibm.com/support/docview.wss?uid=swg21303813
https://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061750.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
https://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
https://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------