Ibm: >> Lotus Symphony >> 3.0.0.2 Security Vulnerabilities
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.
CVSS Score
9.3
EPSS Score
0.157
Published
2012-01-23
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."
CVSS Score
10.0
EPSS Score
0.022
Published
2011-07-27
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc document that incorporates a user-defined toolbar.
CVSS Score
4.3
EPSS Score
0.013
Published
2011-07-27
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via a .docx document with empty bullet styles for parent bullets.
CVSS Score
4.3
EPSS Score
0.011
Published
2011-07-27
IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document.
CVSS Score
4.3
EPSS Score
0.013
Published
2011-07-27
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation.
CVSS Score
4.3
EPSS Score
0.013
Published
2011-07-27
The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .xls spreadsheet with an invalid Value reference.
CVSS Score
4.3
EPSS Score
0.011
Published
2011-07-27