CVE-2008-2499

Current Description

Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.

Basic Data

Published: May 29, 2008
Last Modified: October 31, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including / Version End Including / Version Start Excluding / Version End Excluding
    2.3 | Application | Ibm | Lotus Sametime | * | * | * | * | * | * | * | * | 7.5
    2.3 | Application | Ibm | Lotus Sametime | 7.5.1 | cf1 | * | * | * | * | * | * |
    2.3 | Application | Ibm | Lotus Sametime | * | * | * | * | * | * | * | * | 8.0, 8.0.1

Vulnerable Software List

Vendor | Product | Versions
Ibm | Lotus Sametime | *, 7.5.1

References

Name | Source | URL | Tags
30309 | SECUNIA | http://secunia.com/advisories/30309 | Third Party Advisory
29328 | BID | http://www.securityfocus.com/bid/29328 | Exploit, Third Party Advisory, VDB Entry
1020093 | SECTRACK | http://www.securitytracker.com/id?1020093 | Third Party Advisory, VDB Entry
ADV-2008-1595 | VUPEN | http://www.vupen.com/english/advisories/2008/1595/references | Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-028/ | MISC | http://www.zerodayinitiative.com/advisories/ZDI-08-028/ | Third Party Advisory, VDB Entry
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21303920 | CONFIRM | http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21303920 | Vendor Advisory
sametime-stmux-bo(42575) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/42575 | Third Party Advisory, VDB Entry