Vulnerability Details : CVE-2013-3986
Public exploit exists!
IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session.
Vulnerability category: Overflow, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-3986
Probability of exploitation activity in the next 30 days: 1.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 %
Metasploit modules for CVE-2013-3986
- IBM Lotus Sametime WebPlayer DoS
  Disclosure Date: 2013-11-07
  First seen: 2020-04-26
  auxiliary/dos/misc/ibm_sametime_webplayer_dos
  This module exploits a known flaw in the IBM Lotus Sametime WebPlayer version 8.5.2.1392 (and prior) to cause a denial of service condition against specific users. For this module to function the target user must be actively logged into the IBM Lotus Sametime server
CVSS scores for CVE-2013-3986
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST |
CWE ids for CVE-2013-3986
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3986
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84969
  IBM Lotus Sametime WebPlayer denial of service CVE-2013-3986 Vulnerability Report
- http://www-01.ibm.com/support/docview.wss?uid=swg21654041
  IBM Security Bulletin: IBM Lotus Sametime WebPlayer Denial-of-Service (CVE-2013-3986) (Vendor Advisory)
Products affected by CVE-2013-3986
- cpe:2.3:a:ibm:lotus_sametime:8.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:lotus_sametime:8.5.2.1:*:*:*:*:*:*:*