IBM Lotus Expeditor Bugs Let Remote Users Bypass Access Controls, Traverse the Directory, and Execute Code - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > IBM Lotus Expeditor

IBM Lotus Expeditor Bugs Let Remote Users Bypass Access Controls, Traverse the Directory, and Execute Code

SecurityTracker Alert ID: 1027195

SecurityTracker URL: http://securitytracker.com/id/1027195

CVE Reference: CVE-2012-0186, CVE-2012-0187, CVE-2012-0191 (Links to External Site)

Date: Jun 22 2012

Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 6.1.x, 6.2.x

Description: Several vulnerabilities were reported in IBM Lotus Expeditor. A remote user can execute arbitrary code on the target system. A remote user can bypass access controls. A remote user can view files on the target system.

A remote user can supply a specially crafted URL to exploit a flaw in the Eclipse Help component and view the locations of files [CVE-2012-0186]. The vendor has assigned SPR SAKL7QQG28 to this vulnerability.

A remote user can create a specially crafted DLL file in a directory or on a remote share (e.g., WebDAV, SMB share). When a file is loaded by the target user from the same directory, the application may load the remote user's DLL instead of the intended DLL and execute arbitrary code [CVE-2012-0187]. The code will run with the privileges of the target user. This type of exploit is also known as "binary planting" or "DLL preloading". The vendor has assigned SPR DKLN8K7TEA, RAKA89HPF2, JKAE893E7R and RAKA899QV5 to this vulnerability.

A remote user can supply a specially crafted header value to spoof a localhost request and bypass access controls [CVE-2012-0191]. The vendor has assigned SPR SAKL7QQG28 and MSTO89WRX8 to this vulnerability.

Impact: A remote user can bypass access controls.

A remote user can view file locations on the target system.

A remote user may be able to cause a target application to execute arbitrary code on the target user's system.

Solution: The vendor has issued a fix (6.2 FP5+Security Pack).

The vendor's advisory is available at:

http://www-01.ibm.com/support/docview.wss?uid=swg21575642

Vendor URL: www-01.ibm.com/support/docview.wss?uid=swg21575642 (Links to External Site)

Cause: Access control error, Input validation error

Underlying OS: Windows (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

(IBM Issues Fix for IBM Support Assistant) IBM Lotus Expeditor Bugs Let Remote Users Bypass Access Controls, Traverse the Directory, and Execute Code
IBM has issued a fix for IBM Support Assistant.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC