CVE-2012-0192

Name of the Vulnerable Software and Affected Versions IBM Lotus Symphony versions prior to 3.0.1

Description The issue is related to multiple integer overflows in the vclmi.dll component of the visual class library module. This could allow remote attackers to execute arbitrary code through embedded JPEG or PNG image objects in a Symphony document, potentially triggering a heap-based buffer overflow. This has been demonstrated using a .doc file.

Recommendations For versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue.