About Duffbert...

Duffbert's Random Musings is a blog where I talk about whatever happens to be running through my head at any given moment... I'm Thomas Duff, and you can find out more about me here...

Email Me!

Search This Site!

Custom Search

I'm published!

Co-author of the book IBM Lotus Sametime 8 Essentials: A User's Guide
SametimeBookCoverImage.jpg

Purchase on Amazon

Co-author of the book IBM Sametime 8.5.2 Administration Guide
SametimeAdminBookCoverImage.jpg

Purchase on Amazon

MiscLinks

BlogSphere RSS Feed RSS Feed

Downloads

LotusScript Progress Meter
Removing Icons In Workspace
MS Constants Notes database
My Writing/Speaking Credits
Privacy/Disclosure Statement

Visitor Count...



View My Stats

« Lotus Domino Server diiop Client Request Operation Remote Code Execution Vulnerability | Main| IBM Lotus Domino SMTP Multiple Filename Arguments Remote Code Execution Vulnerability »

IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability

Category IBM/Lotus
IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability.

The specific flaw exists within the handling of malformed strings within cai:// URIs. The '--launcher.library' switch can be injected and directed to load a DLL from a network share. This will result in code execution under the context of the current user.

Vendor Response
IBM states:


Disclosure Timeline
2009-12-18 - Vulnerability reported to vendor
2011-02-07 - Coordinated public release of advisory

Posted by Thomas Admin Duff On 02/08/2011 | | Bookmark and Share

Post A Comment

:-D:-o:-p:-x:-(:-):-\:angry::cool::cry::emb::grin::huh::laugh::lips::rolleyes:;-)

Want to support this blog or just say thanks?

When you shop Amazon, start your shopping experience here.

When you do that, all your purchases during that session earn me an affiliate commission via the Amazon Affiliate program. You don't have to buy the book I linked you to (although I wouldn't complain!). Simply use that as your starting point.

Thanks!

Thomas "Duffbert" Duff

Ads of Relevance...

Monthly Archives