Intrusion Prevention

LifeSize.Room.Security.Bypass.Command.Execution

Description

This indicates an attempt to exploit a Security Bypass vulnerability in LifeSize Communications.
This vulnerability is due to the lack of proper input validation for the command line arguments passed to the various URL protocol handlers. It is possible to trigger this exploit without user interaction, simply by visiting a webpage.

Affected Products

LifeSize Communications LifeSize Room 4.7.18
LifeSize Communications LifeSize Room 3.5.3

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are not aware of any vendor supplied patches for this issue.

Other References

2011-2763