CVE-2008-1965
published 2008-04-25CVE-2008-1965: Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony…
PriorityP355critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
10.67%
95.2th percentile
Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | lotus_expeditor_client | — | — |
| ibm | lotus_expeditor_client | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for cai: URI handler invocations containing the '-launcher' argument, which indicates exploitation of the argument injection vulnerability in rcplauncher. ↗
- →Detect cai: URIs referencing UNC share pathnames (e.g., \\<IP>\<share>\<file>), as this is the demonstrated exploitation technique. ↗
- →Flag URL-encoded whitespace (%20) combined with '-launcher' within cai: URI strings, matching the known proof-of-concept payload pattern. ↗
- ·Affected versions are IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2; the exact full version range may be broader as the BID notes uncertainty. ↗
- ·The vulnerability is in the cai: URI handler component 'rcplauncher' and may affect any product bundling Lotus Expeditor, including Lotus Symphony. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.htmlhttp://secunia.com/advisories/29958http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerabilityhttp://www-1.ibm.com/support/docview.wss?uid=swg21303813http://www.securityfocus.com/archive/1/491343/100/0/threadedhttp://www.securityfocus.com/bid/28926http://www.securitytracker.com/id?1019951http://www.securitytracker.com/id?1019952http://www.vupen.com/english/advisories/2008/1394/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41990http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.htmlhttp://secunia.com/advisories/29958http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerabilityhttp://www-1.ibm.com/support/docview.wss?uid=swg21303813http://www.securityfocus.com/archive/1/491343/100/0/threadedhttp://www.securityfocus.com/bid/28926http://www.securitytracker.com/id?1019951http://www.securitytracker.com/id?1019952http://www.vupen.com/english/advisories/2008/1394/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41990
2008-04-25
Published