Memory corruption in Sametime - CVE-2016-0729
Published: August 28, 2017
Vulnerability identifier: #VU8015
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-0729
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
Sametime
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.
The weakness exists in the Apache Xerces-C XML Parser library due to improper bounds checking during processing and error reporting. A remote attacker can send specially crafted input documents and cause the library to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2016-0729
Update to version 9.0.1 FP1.