CVE-2008-2499

Опубликовано: 29 мая 2008

Источник: nvd

CVSS2: 7.5

EPSS Высокий

Описание

Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.

Ссылки

http://secunia.com/advisories/30309
Third Party Advisory
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21303920
Vendor Advisory
http://www.securityfocus.com/bid/29328
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020093
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/1595/references
Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-028/
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/42575
Third Party Advisory
VDB Entry
http://secunia.com/advisories/30309
Third Party Advisory
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21303920
Vendor Advisory
http://www.securityfocus.com/bid/29328
Exploit
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020093
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/1595/references
Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-028/
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/42575
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:lotus_sametime:*:*:*:*:*:*:*:*

Версия до 7.5 (включая)

cpe:2.3:a:ibm:lotus_sametime:*:*:*:*:*:*:*:*

Версия от 8.0 (включая) до 8.0.1 (исключая)

cpe:2.3:a:ibm:lotus_sametime:7.5.1:cf1:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.80888

Высокий

7.5 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-9253-932v-rphr

github

почти 4 года назад