URL handler vulnerability affects Lotus Symphony and Lotus Expeditor

Technote (troubleshooting)


Problem

IBM was made aware of a potential vulnerability in IBM® Lotus® Symphony which utilizes Lotus Expeditor code that may allow an attacker to execute malicious code on a user's workstation under certain circumstances.

Symptom

Information about this issue has been published at the following locations :
Full Disclosure Web site: http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061750.html

Bugtraq Web site : http://seclists.org/bugtraq/2008/Apr/0277.html


Resolving the problem

Remove the following key from the Microsoft Windows Registry:
HKEY_CLASSES_ROOT\cai\shell\open\command

This action will remove any application from being considered the default CAI URL handler.


This specific issue was reported to IBM Quality Engineering as SPR # PRAD7E2LQ4 and is currently under investigation.

Products impacted

Lotus Expeditor Client for Desktop versions 6.1.1 and 6.1.2 have been found to be vulnerable.
A fix for this issue is available for download From Fix Central as Lotus Expeditor 6.1.1 Client for Desktop IFix 4 and 6.1.2 Client for Desktop IFix 1.

Please see the following document for details on the fixes:
6.1.1 IFix 4
http://www-01.ibm.com/support/docview.wss?uid=swg21303813

Lotus Symphony (stand-alone) is currently a beta product which will incorporate a fix when it is finally released.

Additional Information:

This vulnerability was found to be isolated to the Windows operating system and occurs when using Internet Explorer. The issue does not exist under the Mozilla Firefox web browser.


Security Rating using Common Vulnerability Scoring System (CVSS) v2
CVSS Base Score: < 9.3 >
---- Impact Subscore: < 10 >
---- Exploitability Subscore: < 8.6 >
CVSS Temporal Score: < 7.3 >
CVSS Environmental Score: < Undefined* >
Overall CVSS Score: < 7.3 >
Base Score Metrics:
  • Related exploit range/Attack Vector: < Network >
  • Access Complexity: < Medium >
  • Authentication < None >
  • Confidentiality Impact: < Complete >
  • Integrity Impact: < Complete >
  • Availability Impact: < Complete >
Temporal Score Metrics:
  • Exploitability: < Proof of Concept Code>
  • Remediation Level: < Official Fix >
  • Report Confidence: < Confirmed >
References:

*The CVSS Environment Score is customer environment-specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the referenced links.

Cross reference information
Segment Product Component Platform Version Edition
Mobile- Speech and Enterprise Access Lotus Expeditor Client for Desktop Linux, Windows 6.1.2, 6.1.1
Applications - Desktop & Enterprise Lotus Symphony Presentation editor Windows Beta 4
Applications - Desktop & Enterprise Lotus Symphony Spreadsheet editor Windows Beta 4

Rate this page:

(0 users)Average rating

Document information


More support for:

Lotus Symphony
Document editor

Software version:

1.0

Operating system(s):

Windows

Reference #:

1303813

Modified date:

2008-05-02

Translate my page

Machine Translation

Content navigation