CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Percentile: 99.0%
Added: 06/20/2008
CVE: CVE-2008-1965
BID: 28926
OSVDB: 44868
Lotus Expeditor is a desktop integration framework used by Lotus products including Lotus Symphony.
Lotus Expeditor registers a handler for **cai:** URIs which passes arbitrary arguments to **rcplauncher.exe**. This allows command execution when a user loads a specially crafted **cai:** web page which uses the **-launcher** argument.
Remove the following registry key: **HKEY_CLASSES_ROOT\cai\shell\open\command**
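One way to audit for and apply the registry mitigation above on a Windows host (an added example, not part of the original advisory or of IBM's guidance). The `-Remove` switch and `$BackupDir` location are hypothetical names chosen for this script; without `-Remove` it only reports what it finds.

```powershell
# Added example: audit and optionally remove the cai: URI handler command key.
# Run from an elevated prompt. $BackupDir and -Remove are assumed names.
param(
    [string]$BackupDir = "$env:TEMP\cai-handler-backup",
    [switch]$Remove
)

# HKEY_CLASSES_ROOT is a merged view of the per-machine and per-user class
# hives; check all three so a per-user registration is not missed.
$roots = @(
    'HKEY_CLASSES_ROOT',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes',
    'HKEY_CURRENT_USER\Software\Classes'
)

$found = foreach ($root in $roots) {
    $key  = "$root\cai\shell\open\command"
    $path = "Registry::$key"
    if (Test-Path -LiteralPath $path) {
        [pscustomobject]@{
            Key     = $key
            Path    = $path
            # The unnamed (default) value holds the command line the handler runs.
            Command = (Get-Item -LiteralPath $path).GetValue('')
        }
    }
}

if (-not $found) {
    Write-Output 'No cai: handler command key found.'
    return
}

$found | Format-List Key, Command

if ($Remove) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $i = 0
    foreach ($entry in $found) {
        # A key deleted through the merged view may already be gone here.
        if (-not (Test-Path -LiteralPath $entry.Path)) { continue }
        $backup = Join-Path $BackupDir "cai-command-$i.reg"
        $i++
        & reg.exe export $entry.Key $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of $($entry.Key) failed; not removing." }
        Remove-Item -LiteralPath $entry.Path -Recurse -Force
        Write-Output "Removed $($entry.Key) (backup: $backup)"
    }
}
```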
<http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.html>
<http://www-1.ibm.com/support/docview.wss?uid=swg21303813>
The exploit works on IBM Lotus Symphony 1.0 Beta 4. Before the exploit can succeed, the **exploit.exe** file must be downloaded from the exploit server and placed on an SMB share that is accessible from the target system.
Windows