CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 99.6%
Added: 05/30/2008
CVE: CVE-2008-2499
BID: 29328
OSVDB: 45610
IBM Lotus Sametime is enterprise instant messaging and web conferencing software.
A buffer overflow vulnerability in the Community Services Multiplexer allows remote attackers to execute arbitrary commands by requesting a long, specially crafted URL.
Upgrade to Sametime 8.0.1 or apply one of the workarounds described in the Technote.
<http://www.zerodayinitiative.com/advisories/ZDI-08-028/>
Exploit works on IBM Lotus Sametime 8.0.
Windows 2000
Windows Server 2003