Vulnerability CVE-2009-3032


Published: 2010-03-05   Modified: 2012-02-13

Description:
Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow.

Vendor: Symantec
Product: Data loss prevention endpoint agents 
Version:
9.0.1
8.1.1
10.0
Product: Data loss prevention detection servers 
Version:
9.0.1
8.1.1
10.0
Product: Mail security 
Version:
8.0.2
8.0.1
8.0
7.5.8
7.5.7
7.5.6
7.5.5.32
7.5.4.29
7.5.3.25
6.0.8
6.0.7
6.0.6
5.0.13
5.0.12
5.0.11
5.0.1.189
5.0.1.182
5.0.1.181
5.0.0
Product: Brightmail gateway 
Version: 8.0;
Product: Im manager 2007 
Vendor: IBM
Product: Lotus notes 
Version: 8.5;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100304_00
http://www.securityfocus.com/bid/38468
http://www-01.ibm.com/support/docview.wss?uid=swg21440812
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=858

Related CVE
CVE-2019-4058
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570.
CVE-2019-4011
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...
CVE-2018-2005
IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007
CVE-2019-4279
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.
CVE-2019-4119
IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145.
CVE-2019-4259
A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011.
CVE-2019-4204
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially l...
CVE-2018-1990
IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could allow an attacker to obtain sensitive configuration information using a specially crafted HTTP request. IBM X-Force ID: 154283.

Copyright 2019, cxsecurity.com

 

Back to Top