CVE-2009-0880

IBM Director < 5.20.3 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.

Exploits (4)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/23203

exploitdb · WORKING POC · VERIFIED
by Bernhard Mueller · perl · local · windows
https://www.exploit-db.com/exploits/32845

exploitdb · WORKING POC
by kingcope · text · remote · windows
https://www.exploit-db.com/exploits/23074

metasploit · WORKING POC · EXCELLENT
by Bernhard Mueller, kingcope, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/ibm_director_cim_dllinject.rb

Scores

EPSS: 0.6356
EPSS Percentile: 98.4%

Details

CWE: CWE-22
Status: published
Products (15)
ibm/director 3.1.1
ibm/director 4.10
ibm/director 4.11
ibm/director 4.12
ibm/director 4.20
ibm/director 4.21
ibm/director 4.22
ibm/director 5.10.0
ibm/director 5.10.1
ibm/director 5.10.2
... and 5 more
Published: Mar 12, 2009
Tracked Since: Feb 18, 2026