Search...

IBM Lotus Symphony Multiple Vulnerabilities (Windows)

2011-08-05T00:00:00

ID OPENVAS:1361412562310802227
Type openvas
Reporter Copyright (C) 2011 Greenbone Networks GmbH
Modified 2020-04-23T00:00:00

Description

This host is installed with IBM Lotus Symphony and is prone to multiple unspecified vulnerabilities.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# IBM Lotus Symphony Multiple Vulnerabilities (Windows)
#
# Authors:
# Sooraj KS &lt;kssooraj@secpod.com&gt;
#
# Copyright:
# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.802227");
  script_version("2020-04-23T08:43:39+0000");
  script_tag(name:"last_modification", value:"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)");
  script_tag(name:"creation_date", value:"2011-08-05 09:04:20 +0200 (Fri, 05 Aug 2011)");
  script_cve_id("CVE-2011-2884", "CVE-2011-2885", "CVE-2011-2886",
                "CVE-2011-2888", "CVE-2011-2893");
  script_bugtraq_id(48936);
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_name("IBM Lotus Symphony Multiple Vulnerabilities (Windows)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("gb_ibm_lotus_symphony_detect_win.nasl");
  script_mandatory_keys("IBM/Lotus/Symphony/Win/Ver");

  script_tag(name:"impact", value:"Successful exploitation will allow attacker to cause a denial of service.");

  script_tag(name:"affected", value:"IBM Lotus Symphony Version 3 before FP3.");

  script_tag(name:"insight", value:"Multiple flaws are due to unspecified errors related to,

  - critical security vulnerability issues.

  - sample .doc document that incorporates a user-defined toolbar.

  - a .docx document with empty bullet styles for parent bullets.

  - complex graphics in a presentation.

  - a large .xls spreadsheet with an invalid Value reference.");

  script_tag(name:"summary", value:"This host is installed with IBM Lotus Symphony and is prone to
  multiple unspecified vulnerabilities.");

  script_tag(name:"solution", value:"Upgrade to IBM Lotus Symphony version 3 FP3 or later.");

  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("version_func.inc");

version = get_kb_item("IBM/Lotus/Symphony/Win/Ver");
if(version =~ "^3\.")
{
  if(version_is_less_equal(version:version, test_version:"3.0.10289")){
    report = report_fixed_ver(installed_version:version, vulnerable_range:"Less than or equal to 3.0.10289");
    security_message(port: 0, data: report);
  }
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310802227", "type": "openvas", "bulletinFamily": "scanner", "title": "IBM Lotus Symphony Multiple Vulnerabilities (Windows)", "description": "This host is installed with IBM Lotus Symphony and is prone to\n multiple unspecified vulnerabilities.", "published": "2011-08-05T00:00:00", "modified": "2020-04-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802227", "reporter": "Copyright (C) 2011 Greenbone Networks GmbH", "references": [], "cvelist": ["CVE-2011-2886", "CVE-2011-2893", "CVE-2011-2884", "CVE-2011-2885", "CVE-2011-2888"], "lastseen": "2020-04-27T19:22:44", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["LOTUS_SYMPHONY_3_0_FP3.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:802227", "OPENVAS:802229", "OPENVAS:1361412562310802229"]}, {"type": "cve", "idList": ["CVE-2011-2885", "CVE-2011-2884", "CVE-2011-2886", "CVE-2011-2888", "CVE-2011-2893"]}], "modified": "2020-04-27T19:22:44", "rev": 2}, "score": {"value": 7.2, "vector": "NONE", "modified": "2020-04-27T19:22:44", "rev": 2}, "vulnersScore": 7.2}, "pluginID": "1361412562310802227", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# IBM Lotus Symphony Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802227\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-08-05 09:04:20 +0200 (Fri, 05 Aug 2011)\");\n script_cve_id(\"CVE-2011-2884\", \"CVE-2011-2885\", \"CVE-2011-2886\",\n \"CVE-2011-2888\", \"CVE-2011-2893\");\n script_bugtraq_id(48936);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"IBM Lotus Symphony Multiple Vulnerabilities (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_ibm_lotus_symphony_detect_win.nasl\");\n script_mandatory_keys(\"IBM/Lotus/Symphony/Win/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"IBM Lotus Symphony Version 3 before FP3.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to unspecified errors related to,\n\n - critical security vulnerability issues.\n\n - sample .doc document that incorporates a user-defined toolbar.\n\n - a .docx document with empty bullet styles for parent bullets.\n\n - complex graphics in a presentation.\n\n - a large .xls spreadsheet with an invalid Value reference.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with IBM Lotus Symphony and is prone to\n multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to IBM Lotus Symphony version 3 FP3 or later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nversion = get_kb_item(\"IBM/Lotus/Symphony/Win/Ver\");\nif(version =~ \"^3\\.\")\n{\n if(version_is_less_equal(version:version, test_version:\"3.0.10289\")){\n report = report_fixed_ver(installed_version:version, vulnerable_range:\"Less than or equal to 3.0.10289\");\n security_message(port: 0, data: report);\n }\n}\n", "naslFamily": "General", "immutableFields": []}

{"openvas": [{"lastseen": "2017-09-04T14:20:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2886", "CVE-2011-2893", "CVE-2011-2884", "CVE-2011-2885", "CVE-2011-2888"], "description": "This host is installed with IBM Lotus Symphony and is prone to\n multiple unspecified vulnerabilities.", "modified": "2017-08-30T00:00:00", "published": "2011-08-05T00:00:00", "id": "OPENVAS:802227", "href": "http://plugins.openvas.org/nasl.php?oid=802227", "type": "openvas", "title": "IBM Lotus Symphony Multiple Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ibm_lotus_symphony_mult_vuln_win.nasl 7024 2017-08-30 11:51:43Z teissa $\n#\n# IBM Lotus Symphony Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Upgrade to IBM Lotus Symphony version 3 FP3 or later,\n For updates refer to http://www.ibm.com/software/lotus/symphony/home.nsf/home\n\n *****\n NOTE: Ignore this warning, if above mentioned patch is already applied.\n *****\";\n\ntag_impact = \"Successful exploitation will allow attacker to cause a denial of service.\n Impact Level: Application\";\ntag_affected = \"IBM Lotus Symphony Version 3 before FP3.\";\ntag_insight = \"Multiple flaws are due to unspecified errors related to,\n - critical security vulnerability issues.\n - sample .doc document that incorporates a user-defined toolbar.\n - a .docx document with empty bullet styles for parent bullets.\n - complex graphics in a presentation.\n - a large .xls spreadsheet with an invalid Value reference.\";\ntag_summary = \"This host is installed with IBM Lotus Symphony and is prone to\n multiple unspecified vulnerabilities.\";\n\nif(description)\n{\n script_id(802227);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-05 09:04:20 +0200 (Fri, 05 Aug 2011)\");\n script_cve_id(\"CVE-2011-2884\", \"CVE-2011-2885\", \"CVE-2011-2886\",\n \"CVE-2011-2888\", \"CVE-2011-2893\");\n script_bugtraq_id(48936);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"IBM Lotus Symphony Multiple Vulnerabilities (Windows)\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_ibm_lotus_symphony_detect_win.nasl\");\n script_require_keys(\"IBM/Lotus/Symphony/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/45271\");\n script_xref(name : \"URL\" , value : \"https://www-304.ibm.com/support/docview.wss?uid=swg21505448\");\n script_xref(name : \"URL\" , value : \"http://www-03.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm\");\n script_xref(name : \"URL\" , value : \"https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm\");\n script_xref(name : \"URL\" , value : \"http://www-03.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get version from KB\nversion = get_kb_item(\"IBM/Lotus/Symphony/Win/Ver\");\nif(version =~ \"^3\\..*\")\n{\n ## Check for IBM Lotus Symphony Version 3 FP2 and prior.\n if(version_is_less_equal(version:version, test_version:\"3.0.10289\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-04T14:20:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2886", "CVE-2011-2893", "CVE-2011-2884", "CVE-2011-2885", "CVE-2011-2888", "CVE-2011-2887"], "description": "This host is installed with IBM Lotus Symphony and is prone to\n multiple unspecified vulnerabilities.", "modified": "2017-09-01T00:00:00", "published": "2011-08-05T00:00:00", "id": "OPENVAS:802229", "href": "http://plugins.openvas.org/nasl.php?oid=802229", "type": "openvas", "title": "IBM Lotus Symphony Multiple Vulnerabilities (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ibm_lotus_symphony_mult_vuln_lin.nasl 7044 2017-09-01 11:50:59Z teissa $\n#\n# IBM Lotus Symphony Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attacker to cause a denial of service.\n Impact Level: Application\";\ntag_affected = \"IBM Lotus Symphony Version 3 before FP3.\";\ntag_insight = \"Multiple flaws are due to unspecified errors related to,\n - critical security vulnerability issues.\n - sample .doc document that incorporates a user-defined toolbar.\n - a .docx document with empty bullet styles for parent bullets.\n - a certain sample document.\n - complex graphics in a presentation.\n - a large .xls spreadsheet with an invalid Value reference.\";\ntag_solution = \"Upgrade to IBM Lotus Symphony version 3 FP3 or later,\n For updates refer to http://www.ibm.com/software/lotus/symphony/home.nsf/home\";\ntag_summary = \"This host is installed with IBM Lotus Symphony and is prone to\n multiple unspecified vulnerabilities.\";\n\nif(description)\n{\n script_id(802229);\n script_version(\"$Revision: 7044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-01 13:50:59 +0200 (Fri, 01 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-05 09:04:20 +0200 (Fri, 05 Aug 2011)\");\n script_cve_id(\"CVE-2011-2884\", \"CVE-2011-2885\", \"CVE-2011-2886\",\n \"CVE-2011-2887\", \"CVE-2011-2888\", \"CVE-2011-2893\");\n script_bugtraq_id(48936);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"IBM Lotus Symphony Multiple Vulnerabilities (Linux)\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_ibm_lotus_symphony_detect_lin.nasl\");\n script_require_keys(\"IBM/Lotus/Symphony/Lin/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/45271\");\n script_xref(name : \"URL\" , value : \"https://www-304.ibm.com/support/docview.wss?uid=swg21505448\");\n script_xref(name : \"URL\" , value : \"http://www-03.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm\");\n script_xref(name : \"URL\" , value : \"https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm\");\n script_xref(name : \"URL\" , value : \"http://www-03.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get version from KB\nversion = get_kb_item(\"IBM/Lotus/Symphony/Lin/Ver\");\nif(version =~ \"^3\\..*\")\n{\n ## Check for IBM Lotus Symphony Version 3 before FP3\n if(version_is_less(version:version, test_version:\"3.0.0.FP3\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-04-27T19:22:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2886", "CVE-2011-2893", "CVE-2011-2884", "CVE-2011-2885", "CVE-2011-2888", "CVE-2011-2887"], "description": "This host is installed with IBM Lotus Symphony and is prone to\n multiple unspecified vulnerabilities.", "modified": "2020-04-23T00:00:00", "published": "2011-08-05T00:00:00", "id": "OPENVAS:1361412562310802229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802229", "type": "openvas", "title": "IBM Lotus Symphony Multiple Vulnerabilities (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# IBM Lotus Symphony Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802229\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-08-05 09:04:20 +0200 (Fri, 05 Aug 2011)\");\n script_cve_id(\"CVE-2011-2884\", \"CVE-2011-2885\", \"CVE-2011-2886\",\n \"CVE-2011-2887\", \"CVE-2011-2888\", \"CVE-2011-2893\");\n script_bugtraq_id(48936);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"IBM Lotus Symphony Multiple Vulnerabilities (Linux)\");\n\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_ibm_lotus_symphony_detect_lin.nasl\");\n script_mandatory_keys(\"IBM/Lotus/Symphony/Lin/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to cause a denial of service.\");\n script_tag(name:\"affected\", value:\"IBM Lotus Symphony Version 3 before FP3.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to unspecified errors related to,\n\n - critical security vulnerability issues.\n\n - sample .doc document that incorporates a user-defined toolbar.\n\n - a .docx document with empty bullet styles for parent bullets.\n\n - a certain sample document.\n\n - complex graphics in a presentation.\n\n - a large .xls spreadsheet with an invalid Value reference.\");\n script_tag(name:\"solution\", value:\"Upgrade to IBM Lotus Symphony version 3 FP3 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with IBM Lotus Symphony and is prone to\n multiple unspecified vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/45271\");\n script_xref(name:\"URL\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21505448\");\n script_xref(name:\"URL\", value:\"http://www-03.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm\");\n script_xref(name:\"URL\", value:\"https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm\");\n script_xref(name:\"URL\", value:\"http://www-03.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements\");\n script_xref(name:\"URL\", value:\"http://www.ibm.com/software/lotus/symphony/home.nsf/home\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nversion = get_kb_item(\"IBM/Lotus/Symphony/Lin/Ver\");\nif(version =~ \"^3\\..*\")\n{\n if(version_is_less(version:version, test_version:\"3.0.0.FP3\")){\n report = report_fixed_ver(installed_version:version, fixed_version:\"3.0.0.FP3\");\n security_message(port: 0, data: report);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-04-01T03:35:31", "description": "The version of IBM Lotus Symphony was found to be less than 3.0 Fix\nPack 3. Such versions are affected by multiple vulnerabilities:\n\n - Multiple unspecified vulnerabilities.\n (CVE-2011-2884)\n\n - Opening a .doc document with a user defined toolbar can \n cause an application crash. (CVE-2011-2885)\n\n - Opening a .docx document with empty bullet styles for \n parent bullets will cause an application crash. \n (CVE-2011-2886)\n\n - Opening in DataPilot a large .xls file that contains an\n invalid 'Value' reference, modifying it, and then\n saving it will cause an application crash.\n (CVE-2011-2893)\n\n - The application freezes when opening a presentation that\n contains many complex graphics. (CVE-2011-2888)", "edition": 28, "published": "2012-05-08T00:00:00", "title": "IBM Lotus Symphony < 3.0 Fix Pack 3 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2886", "CVE-2011-2893", "CVE-2011-2884", "CVE-2011-2885", "CVE-2011-2888"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:ibm:lotus_symphony"], "id": "LOTUS_SYMPHONY_3_0_FP3.NASL", "href": "https://www.tenable.com/plugins/nessus/59036", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(59036);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2011-2884\",\n \"CVE-2011-2885\",\n \"CVE-2011-2886\",\n \"CVE-2011-2888\",\n \"CVE-2011-2893\"\n );\n script_bugtraq_id(48936);\n\n script_name(english:\"IBM Lotus Symphony < 3.0 Fix Pack 3 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of IBM Lotus Symphony\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host has an application installed that is affected by\nmultiple vulnerabilities. \"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of IBM Lotus Symphony was found to be less than 3.0 Fix\nPack 3. Such versions are affected by multiple vulnerabilities:\n\n - Multiple unspecified vulnerabilities.\n (CVE-2011-2884)\n\n - Opening a .doc document with a user defined toolbar can \n cause an application crash. (CVE-2011-2885)\n\n - Opening a .docx document with empty bullet styles for \n parent bullets will cause an application crash. \n (CVE-2011-2886)\n\n - Opening in DataPilot a large .xls file that contains an\n invalid 'Value' reference, modifying it, and then\n saving it will cause an application crash.\n (CVE-2011-2893)\n\n - The application freezes when opening a presentation that\n contains many complex graphics. (CVE-2011-2888)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?67ef5d5e\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to IBM Lotus Symphony 3.0 Fix Pack 3 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:lotus_symphony\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"lotus_symphony_installed.nasl\");\n script_require_keys(\"SMB/Lotus_Symphony/Installed\");\n \n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\n\nappname = \"Lotus Symphony\";\n\nkb_base = \"SMB/Lotus_Symphony/\";\nport = get_kb_item(\"SMB/transport\");\n\nget_kb_item_or_exit(kb_base + \"Installed\");\nversion = get_kb_item_or_exit(kb_base + \"Version\");\n\n# extract build timestamp\nitem = eregmatch(pattern:\"([0-9]+)-([0-9]+)$\", string:version);\nif (isnull(item)) exit(1, \"Error parsing the version string (\"+version+\").\");\n\n# date/time\ndt = int(item[1]);\ntm = int(item[2]);\n\nif(\n dt < 20110707 ||\n (dt == 20110707 && tm < 1500)\n)\n{\n if (report_verbosity > 0)\n {\n path = get_kb_item(kb_base + \"Path\");\n ver_ui = get_kb_item(kb_base + \"Version_UI\");\n report = '\\n Path : ' + path + \n '\\n Installed version : ' + ver_ui +\n '\\n Fixed version : 3.0 Fix Pack 3 (3.0.0.20110707-1500)\\n';\n security_hole(port:port,extra:report);\n }\n else security_hole(port);\n exit(0);\n} \nelse audit(AUDIT_INST_VER_NOT_VULN, appname, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-02T05:51:04", "description": "IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via a .docx document with empty bullet styles for parent bullets.", "edition": 4, "cvss3": {}, "published": "2011-07-27T20:55:00", "title": "CVE-2011-2886", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2886"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/a:ibm:lotus_symphony:3.0.0.1", "cpe:/a:ibm:lotus_symphony:3.0.0.2", "cpe:/a:ibm:lotus_symphony:3.0.0"], "id": "CVE-2011-2886", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2886", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ibm:lotus_symphony:3.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:lotus_symphony:3.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:lotus_symphony:3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:04", "description": "Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to \"critical security vulnerability issues.\"", "edition": 4, "cvss3": {}, "published": "2011-07-27T20:55:00", "title": "CVE-2011-2884", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2884"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/a:ibm:lotus_symphony:3.0.0.1", "cpe:/a:ibm:lotus_symphony:3.0.0.2", "cpe:/a:ibm:lotus_symphony:3.0.0"], "id": "CVE-2011-2884", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2884", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ibm:lotus_symphony:3.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:lotus_symphony:3.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:lotus_symphony:3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:04", "description": "IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc document that incorporates a user-defined toolbar.", "edition": 4, "cvss3": {}, "published": "2011-07-27T20:55:00", "title": "CVE-2011-2885", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2885"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/a:ibm:lotus_symphony:3.0.0.1", "cpe:/a:ibm:lotus_symphony:3.0.0.2", "cpe:/a:ibm:lotus_symphony:3.0.0"], "id": "CVE-2011-2885", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2885", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ibm:lotus_symphony:3.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:lotus_symphony:3.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:lotus_symphony:3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:04", "description": "IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation.", "edition": 4, "cvss3": {}, "published": "2011-07-27T20:55:00", "title": "CVE-2011-2888", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2888"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/a:ibm:lotus_symphony:3.0.0.1", "cpe:/a:ibm:lotus_symphony:3.0.0.2", "cpe:/a:ibm:lotus_symphony:3.0.0"], "id": "CVE-2011-2888", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2888", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ibm:lotus_symphony:3.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:lotus_symphony:3.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:lotus_symphony:3.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:04", "description": "The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .xls spreadsheet with an invalid Value reference.", "edition": 4, "cvss3": {}, "published": "2011-07-27T20:55:00", "title": "CVE-2011-2893", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2893"], "modified": "2017-08-29T01:29:00", "cpe": ["cpe:/a:ibm:lotus_symphony:3.0.0.1", "cpe:/a:ibm:lotus_symphony:3.0.0.2", "cpe:/a:ibm:lotus_symphony:3.0.0"], "id": "CVE-2011-2893", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2893", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ibm:lotus_symphony:3.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:lotus_symphony:3.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:lotus_symphony:3.0.0:*:*:*:*:*:*:*"]}]}