CVE-2009-3518
IBM Installation Manager < 1.3.2 - Code Injection
Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by bruiser · html · remote · windows
https://www.exploit-db.com/exploits/9802
Scores
EPSS
0.0836
EPSS Percentile
92.3%
Details
CWE
CWE-94
Status
published
Products (5)
ibm/installation_manager 1.0
ibm/installation_manager 1.2.1
ibm/installation_manager 1.3.0
ibm/installation_manager 1.3.1
ibm/installation_manager < 1.3.2
Published
Oct 01, 2009
Tracked Since
Feb 18, 2026