CVE-2008-1965
IBM Lotus Expeditor Client for Desktop <6.1.2 - Command Injection
Title source: llmDescription
Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Thomas Pollet · textremoteunix
https://www.exploit-db.com/exploits/31706
References (10)
Core 10
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28926
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41990
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019952
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1394/references
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019951
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29958
Various Sources x_refsource_misc
http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/491343/100/0/threaded
Various Sources x_refsource_confirm
http://www-1.ibm.com/support/docview.wss?uid=swg21303813
Scores
EPSS
0.3786
EPSS Percentile
97.2%
Details
CWE
CWE-94
Status
published
Products (3)
ibm/lotus_expeditor_client
6.1.1
ibm/lotus_expeditor_client
6.1.2
ibm/lotus_symphany
Published
Apr 25, 2008
Tracked Since
Feb 18, 2026