What is CVE-2008-2499?

CVE-2008-2499 is a vulnerability in N/a. Published 2008-05-29.

Is CVE-2008-2499 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2008-2499

Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.

EPSS: 0.809 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

www.zerodayinitiative.com/advisories/ZDI-08-028/ (x_refsource_MISC)
1020093 (vdb-entry, x_refsource_SECTRACK)
sametime-stmux-bo(42575) (vdb-entry, x_refsource_XF)
ADV-2008-1595 (vdb-entry, x_refsource_VUPEN)
29328 (vdb-entry, x_refsource_BID)
30309 (x_refsource_SECUNIA, third-party-advisory)
www-1.ibm.com/support/docview.wss (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2008-2499?: CVE-2008-2499 is a vulnerability in N/a. Published 2008-05-29.
Is CVE-2008-2499 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.