IBM Lotus Symphony Image Object Integer Overflow Vulnerability

Bugtraq ID:	51591
Class:	Input Validation Error
CVE:	CVE-2012-0192
Remote:	Yes
Local:	No
Published:	Jan 20 2012 12:00AM
Updated:	Feb 24 2012 06:50PM
Credit:	Tielei Wang of Secunia
Vulnerable:	IBM Lotus Symphony 3.0.0 FP 3 rev 20110
Not Vulnerable:	IBM Lotus Symphony 3.0.1

IBM Lotus Symphony Image Object Integer Overflow Vulnerability

IBM Lotus Symphony is prone to an integer-overflow vulnerability because it fails to properly validate user-supplied input.

Successful exploits may allow attackers to execute arbitrary code in the context of affected applications. Failed exploit attempts will likely result in denial-of-service conditions.

IBM Lotus Symphony 3.0.0 FP3 revision 20110707.1500 is vulnerable; other versions may also be affected.

IBM Lotus Symphony Image Object Integer Overflow Vulnerability

A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.

IBM Lotus Symphony Image Object Integer Overflow Vulnerability

Solution:
Updates are available. Please see the references for more information.

IBM Lotus Symphony Image Object Integer Overflow Vulnerability

References:

• IBM Homepage (IBM)
  
• Lotus Symphony Homepage (IBM)
  
• Security Bulletin: Vulnerability in IBM Lotus Symphony related to graphic object (IBM)