PT-2010-1280 · Symantec+3 · Symantec Mail Security For Microsoft Exchange+3
Published
2010-03-05
·
Updated
2013-02-07
·
CVE-2009-3032
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Autonomy KeyView Filter SDK versions 8.5.0.8339 through 10.5.0.0
IBM Lotus Notes version 8.5
Symantec Mail Security for Microsoft Exchange versions 5.0.10 through 5.0.13
Description
The issue allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow due to an integer overflow in kvolefio.dll.
Recommendations
For Autonomy KeyView Filter SDK versions 8.5.0.8339 through 10.5.0.0, update to a version that fixes the integer overflow issue in kvolefio.dll.
For IBM Lotus Notes version 8.5, update to a version that includes a fixed Autonomy KeyView Filter SDK.
For Symantec Mail Security for Microsoft Exchange versions 5.0.10 through 5.0.13, update to a version that includes a fixed Autonomy KeyView Filter SDK.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Autonomy Keyview Filter Sdk
Ibm Lotus Notes
Exchange Server
Symantec Mail Security For Microsoft Exchange