Release date:
Updated on:
Affected Systems:
IBM Lotus Notes 8.x
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2012-2174
IBM Lotus Notes is a desktop client that provides users with single-point access, helping them create, query, and share knowledge, collaborate with teams, and take appropriate actions.
IBM Lotus Notes 8.0.2, 8.5, 8.5.1, 8.5.2, and 8.5.3 have errors in the "notes" URI handler and can be exploited to execute arbitrary commands.
<* Source: vendor
Link: http://secunia.com/advisories/49601/
Http://www-304.ibm.com/support/docview.wss? Uid = swg21598348
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
For this reason, IBM has released a Security Bulletin (1598348) and corresponding patches:
1598348: Security Bulletin: IBM Lotus Notes URL Command Injection Remote Code Execution Vulnerability (CVE-2012-2174)
Link: http://www-304.ibm.com/support/docview.wss? Uid = swg21598348