IBM Security Bulletin: IBM Content Collector for Emails,IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections affected by vulnerabilities in International Components for Unicode library

IBM Content Collector for Emails,IBM Content Collector for File Systems,IBM Content Collector for SharePoint and Content Collector for IBM Connections is affected by following vulnerabilities present in the International Components for Unicode (ICU) library. ICU is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. Another vulnerability in ICU could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read.

CVE(s): CVE-2016-7415

Affected product(s) and affected version(s):

IBM Content Collector for Emails 4.0 – 4.0.1
IBM Content Collector for File Systems 4.0 – 4.0.1
IBM Content Collector for SharePoint 4.0 – 4.0.1
IBM Content Collector for IBM Connections 4.0 – 4.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zQmXjj
X-Force Database: http://ift.tt/2kw1oMC

The post IBM Security Bulletin: IBM Content Collector for Emails,IBM Content Collector for File Systems, IBM Content Collector for SharePoint and IBM Content Collector for IBM Connections affected by vulnerabilities in International Components for Unicode library appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2zQmZaV