Vulnerability CVE-2008-4564


Published: 2009-03-18   Modified: 2012-02-12

Description:
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Autonomy
Product: Keyview viewer sdk 
Version:
9.2.0
2.0
10.4
10.3
10
Product: Keyview filter sdk 
Version:
9.2.0
2.0
10.4
10.3
10
Product: Keyview export sdk 
Version:
9.2.0
2.0
10.4
10.3
10
Vendor: Symantec
Product: Enforce 
Version:
8.1
8.0
7.0
Product: Data loss prevention detection servers 
Version:
8.1
8.0
7.0
Product: Data loss prevention endpoint agents 
Version:
8.1
8.0
Product: Mail security 
Version:
7.5.5.32
7.5.3.25
7.5.4.29
6.0.7
6.0.6
5.0.11
5.0.10
5.0.1.200
5.0.1.189
5.0.1.182
5.0.1.181
5.0.1
5.0.0.24
5.0.0
5.0
Product: Brightmail 
Version:
5.0
Product: Altiris deployment solution 
Vendor: IBM
Product: Lotus notes 
Version:
8.0
7.0.3
7.0.2
7.0.1
7.0
6.5.6
6.5.5
6.5.4
6.5.3
6.5.2
6.5.1
6.5
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0
5.0.3
5.0.12

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

 References:
http://www.kb.cert.org/vuls/id/276563
https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html
http://xforce.iss.net/xforce/xfdb/49284
http://www.vupen.com/english/advisories/2009/0757
http://www.vupen.com/english/advisories/2009/0756
http://www.vupen.com/english/advisories/2009/0744
http://www.symantec.com/avcenter/security/Content/2009.03.17a.html
http://www.securitytracker.com/id?1021859
http://www.securityfocus.com/bid/34086
http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573
http://securitytracker.com/id?1021857
http://securitytracker.com/id?1021856
http://secunia.com/advisories/34355
http://secunia.com/advisories/34318
http://secunia.com/advisories/34307
http://secunia.com/advisories/34303
http://osvdb.org/52713
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774

Copyright 2019, cxsecurity.com