CVE-2009-3518

Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname.

Published: Oct 1, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-3518
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
ibm / installation_manager	1.0	1.0.x
ibm / installation_manager	1.2.1	1.2.1.x
ibm / installation_manager	1.3.0	1.3.0.x
ibm / installation_manager	1.3.1	1.3.1.x
ibm / installation_manager	-	1.3.2.x

http://retrogod.altervista.org/9sg_ibm_uri.html
http://secunia.com/advisories/36906
http://www.vupen.com/english/advisories/2009/2792

Vulnerability Database

290,020

CVE-2009-3518