CVE-2009-3518

Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
ibminstallation_manager
𝑥
≤ 1.3.2
ibminstallation_manager
1.0
ibminstallation_manager
1.2.1
ibminstallation_manager
1.3.0
ibminstallation_manager
1.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://retrogod.altervista.org/9sg_ibm_uri.html
http://secunia.com/advisories/36906
http://www.vupen.com/english/advisories/2009/2792
http://retrogod.altervista.org/9sg_ibm_uri.html
http://secunia.com/advisories/36906
http://www.vupen.com/english/advisories/2009/2792