Unrated severityNVD Advisory· Published Jan 23, 2012· Updated Jun 16, 2026
CVE-2012-0192
CVE-2012-0192
Description
Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file.
Affected products
5cpe:2.3:a:ibm:lotus_symphony:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:ibm:lotus_symphony:*:*:*:*:*:*:*:*range: <=3.0.0.3
- cpe:2.3:a:ibm:lotus_symphony:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_symphony:3.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_symphony:3.0.0.2:*:*:*:*:*:*:*
- (no CPE)range: <3.0.1
Patches
Vulnerability mechanics
References
5- secunia.com/advisories/47245nvdVendor Advisory
- www-01.ibm.com/support/docview.wssnvdVendor Advisory
- osvdb.org/78345nvd
- www.securityfocus.com/bid/51591nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/72424nvd
News mentions
0No linked articles in our index yet.