CVE-2009-3037

Name of the Vulnerable Software and Affected Versions: Autonomy KeyView XLS viewer versions 5.x through 8.5.x IBM Lotus Notes versions 5.x through 8.5.x

Description: The issue is a buffer overflow in the xlssr.dll component of the Autonomy KeyView XLS viewer, which is used in various products including IBM Lotus Notes, Symantec Mail Security, Symantec BrightMail Appliance, and Symantec Data Loss Prevention. This allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.

Recommendations: For Autonomy KeyView XLS viewer versions 5.x through 8.5.x, consider disabling the xlssr.dll component until a patch is available. For IBM Lotus Notes versions 5.x through 8.5.x, restrict the handling of .xls spreadsheet attachments to minimize the risk of exploitation.