CVE-2007-1784

The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=495
http://www-1.ibm.com/support/docview.wss?uid=swg21257029	Vendor Advisory
http://www.securityfocus.com/bid/23201
http://www.securitytracker.com/id?1017828
https://exchange.xforce.ibmcloud.com/vulnerabilities/33314

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:lotus_sametime::::::::
	cpe:2.3:a:ibm:lotus_sametime:7.5:::::::*

History

No history.

Information

Published : 2007-03-31 01:19

Updated : 2023-12-10 10:40

NVD link : CVE-2007-1784

Mitre link : CVE-2007-1784

CVE.ORG link : CVE-2007-1784

JSON object : View

Products Affected

ibm

lotus_sametime

CWE

NVD-CWE-Other

{"id": "CVE-2007-1784", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-03-31T01:19:00.000", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=495", "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257029", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23201", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1017828", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33314", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function."}, {"lang": "es", "value": "El control ActiveX JNILoader (STJNILoader.ocx) 3.1.0.26 en IBM Lotus Notes Sametime anterior a 7.5 permite a atacantes remotos cargar librerias DLL de su elecci\u00f3n y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de argumentos de su elecci\u00f3n en la funci\u00f3n loadLibrary."}], "lastModified": "2017-07-29T01:30:59.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_sametime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EC83731-C73B-4891-8EBF-743938F841B2", "versionEndIncluding": "7.0"}, {"criteria": "cpe:2.3:a:ibm:lotus_sametime:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C5FF0F3-D0E6-4933-8826-50C5584D0615"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "This vulnerability is addressed in the following product advisory: \r\nhttp://www-1.ibm.com/support/docview.wss?uid=swg21257029"}