Vulnerability Details CVE-2008-2499
Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.764
EPSS Ranking 98.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/30309
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21303920
- http://www.securityfocus.com/bid/29328
- http://www.securitytracker.com/id?1020093
- http://www.vupen.com/english/advisories/2008/1595/references
- http://www.zerodayinitiative.com/advisories/ZDI-08-028/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42575
- http://secunia.com/advisories/30309
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21303920
- http://www.securityfocus.com/bid/29328
- http://www.securitytracker.com/id?1020093
- http://www.vupen.com/english/advisories/2008/1595/references
- http://www.zerodayinitiative.com/advisories/ZDI-08-028/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42575
Products affected by CVE-2008-2499
-
cpe:2.3:a:ibm:lotus_sametime:-
-
cpe:2.3:a:ibm:lotus_sametime:1.5
-
cpe:2.3:a:ibm:lotus_sametime:2.5
-
cpe:2.3:a:ibm:lotus_sametime:7.0
-
cpe:2.3:a:ibm:lotus_sametime:7.5
-
cpe:2.3:a:ibm:lotus_sametime:7.5.1
-
cpe:2.3:a:ibm:lotus_sametime:8.0