Unrated severityNVD Advisory· Published Apr 25, 2008· Updated Apr 23, 2026

CVE-2008-1965

Description

Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.

Affected products

IBM/Lotus Expeditor Client2 versions
cpe:2.3:a:ibm:lotus_expeditor_client:6.1.1:*:desktop:*:*:*:*:*+ 1 more
- cpe:2.3:a:ibm:lotus_expeditor_client:6.1.1:*:desktop:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_expeditor_client:6.1.2:*:desktop:*:*:*:*:*
IBM/Lotus Symphany
cpe:2.3:a:ibm:lotus_symphany:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/fulldisclosure/2008-04/0640.htmlnvdExploit
www.securityfocus.com/bid/28926nvdExploit
secunia.com/advisories/29958nvd
thomas.pollet.googlepages.com/lotusexpeditorurihandlervulnerabilitynvd
www-1.ibm.com/support/docview.wssnvd
www.securityfocus.com/archive/1/491343/100/0/threadednvd
www.securitytracker.com/idnvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2008/1394/referencesnvd
exchange.xforce.ibmcloud.com/vulnerabilities/41990nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.030
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000