Vulnerability CVE-2009-3037
Published: 2009-09-01   Modified: 2012-02-13

Description:
Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Symantec -> Brightmail appliance 
Symantec -> Data loss prevention detection servers 
Symantec -> Data loss prevention endpoint agents 
Symantec -> Mail security 
Symantec -> Mail security appliance 
IBM -> Lotus notes 
Autonomy -> Keyview 

 References:
http://www.vupen.com/english/advisories/2009/2389
http://www-01.ibm.com/support/docview.wss?uid=swg21396492
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00
http://www.securityfocus.com/bid/36124
http://www.securityfocus.com/bid/36042
http://secunia.com/advisories/36474
http://secunia.com/advisories/36472
Copyright 2024, cxsecurity.com

 

Back to Top