Unrated severityNVD Advisory· Published Oct 1, 2009· Updated Apr 23, 2026

CVE-2009-3518

Description

Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname.

Affected products

IBM/Installation Manager5 versions
cpe:2.3:a:ibm:installation_manager:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:ibm:installation_manager:*:*:*:*:*:*:*:*range: <=1.3.2
- cpe:2.3:a:ibm:installation_manager:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:installation_manager:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:installation_manager:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:installation_manager:1.3.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

retrogod.altervista.org/9sg_ibm_uri.htmlnvdExploit
secunia.com/advisories/36906nvdVendor Advisory
www.vupen.com/english/advisories/2009/2792nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000