----------------------------------------------------------------------

Secunia Network Software Inspector 2.0 (NSI) - Public Beta

The Public Beta has ended. Thanks to all that participated.

Learn more:
http://secunia.com/network_software_inspector_2/

----------------------------------------------------------------------

TITLE:
IBM Lotus Expeditor Client for Desktop "cai" URI Handler Code
Execution

SECUNIA ADVISORY ID:
SA29958

VERIFY ADVISORY:
http://secunia.com/advisories/29958/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

REVISION:
1.2 originally posted 2008-04-30

SOFTWARE:
IBM Lotus Expeditor 6.x
http://secunia.com/product/18525/

DESCRIPTION:
Thomas Pollet has reported a vulnerability in IBM Lotus Expeditor,
which can be exploited by malicious people to compromise a user's
system.

The problem is that the application registers the "cai" URI handler,
which allows launching rcplauncher.exe with arbitrary command line
arguments. This can be exploited to execute arbitrary programs via
the "-launcher" argument.

The vulnerability affects Lotus Expeditor Client for Desktop versions
6.1.0, 6.1.1, and 6.1.2 on Windows systems using Internet Explorer.

SOLUTION:
Please contact IBM support for the patch.

PROVIDED AND/OR DISCOVERED BY:
Thomas Pollet

CHANGELOG:
2008-05-01: Updated "Description" section to include specific
affected versions.
2008-05-02: Added CVE reference.

ORIGINAL ADVISORY:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21303813

http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061750.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------