Unrated severityNVD Advisory· Published Jan 23, 2012· Updated Apr 29, 2026

CVE-2012-0192

Description

Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.

Affected products

IBM/Lotus Symphony4 versions
cpe:2.3:a:ibm:lotus_symphony:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:ibm:lotus_symphony:*:*:*:*:*:*:*:*range: <=3.0.0.3
- cpe:2.3:a:ibm:lotus_symphony:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_symphony:3.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_symphony:3.0.0.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/47245nvdVendor Advisory
www-01.ibm.com/support/docview.wssnvdVendor Advisory
osvdb.org/78345nvd
www.securityfocus.com/bid/51591nvd
exchange.xforce.ibmcloud.com/vulnerabilities/72424nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000