Multiple security vulnerabilities in IBM Lotus Symphony

Release date:
Updated on: 2012-4 4

Affected Systems:
IBM Lotus Symphony 3.0.1
IBM Lotus Symphony 3.0.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56755

IBM Lotus Symphony is a free office software released by IBM.

IBM Lotus Symphony 3.0.1 versions earlier than Fix Pack 2 and other versions have multiple vulnerabilities. Apart from one error that may cause some data leaks, the other vulnerabilities are located at: 1. manifest-related processing process; 2. process of processing PowerPoint files; 3. vclmi. when dll allocates memory for Embedded graphics objects, integer overflow exists. Attackers can exploit these vulnerabilities to obtain sensitive information or execute arbitrary code in the application context.

<* Source: vendor

Link: http://secunia.com/advisories/51451/
Http://www-03.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_301fixpack2_standalo
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

IBM
---
For this reason, IBM has released a Security Bulletin (IBM Lotus Symphony 3.0.1 Fix Pack 2 Release Notes) and corresponding patches:

IBM Lotus Symphony 3.0.1 Fix Pack 2 Release Notes: IBM Lotus Symphony 3.0.1 Fix Pack 2 Release Notes

Link: http://www-03.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_301fixpack2_standalo