Vulnerability CVE-2010-1524

Vulnerability CVE-2010-1524

Published: 2010-08-17 Modified: 2012-02-13

Description:

The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via unspecified vectors related to allocation of an array of pointers and "string indexing," which triggers memory corruption.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
9.3/10	10/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Autonomy -> Keyview export sdk
Autonomy -> Keyview filter sdk
Autonomy -> Keyview viewer sdk

References:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01

http://www.securityfocus.com/bid/41928

http://www-01.ibm.com/support/docview.wss?uid=swg21440812

http://secunia.com/secunia_research/2010-35/

Copyright 2024, cxsecurity.com