Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2499

CWE-119 ā€” Buffer Overflow6 documents5 sources
Severity
7.5HIGH
EPSS
80.9%
top 0.85%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Lotus Sametime
Timeline
PublishedMay 29
Latest updateMay 1

Description

Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

ā–¶NVDibm/lotus_sametime8.0 ā€” 8.0.1+2

šŸ”“Vulnerability Details

2
GHSA
GHSA-9253-932v-rphr: Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMuxā†—2022-05-01
ā–¶
CVEList
CVE-2008-2499: Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMuxā†—2008-05-29
ā–¶

šŸ’„Exploits & PoCs

3
Exploit-DB
IBM Lotus Domino Sametime - 'STMux.exe' Remote Stack Buffer Overflow (Metasploit)ā†—2010-05-09
ā–¶
Exploit-DB
IBM Lotus Sametime 8.0 - Multiplexer Buffer Overflowā†—2008-05-21
ā–¶
Nuclei
Graphite <=1.1.5 - Server-Side Request Forgery
ā–¶
CVE-2008-2499 (HIGH CVSS 7.5) | Stack-based buffer overflow in the | cvebase.io