CVE Vulnerability

CVE-2008-2499

Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.zerodayinitiative.com/advisories/ZDI-08-028/ Third Party Advisory VDB Entry
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21303920 Vendor Advisory
http://www.securityfocus.com/bid/29328 Exploit Third Party Advisory
http://secunia.com/advisories/30309 Third Party Advisory
http://www.securitytracker.com/id?1020093 Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/1595/references Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42575 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:ibm:lotus_sametime:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_sametime:7.5.1:cf1:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_sametime:*:*:*:*:*:*:*:*
Information

Published : 2008-05-29 04:32

Updated : 2018-10-31 06:43

NVD link : CVE-2008-2499

Mitre link : CVE-2008-2499

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer