PT-2010-3200 · Ibm+1 · Spreadsheet Lotus 123+1

Published

2010-08-17

Updated

2013-02-07

CVE-2010-1525

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Autonomy KeyView versions 10.4 through 10.9

Description The issue is related to an integer underflow in the SpreadSheet Lotus 123 reader, which can lead to a denial of service or potentially allow the execution of arbitrary code. This is caused by a crafted size for an unspecified record type, resulting in a heap-based buffer overflow.

Recommendations For Autonomy KeyView versions 10.4 through 10.9, consider disabling the SpreadSheet Lotus 123 reader (wkssr.dll) as a temporary workaround to minimize the risk of exploitation. Restrict access to the affected module to prevent potential attacks until a fix is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2010-1525

Affected Products

Autonomy Keyview

Spreadsheet Lotus 123

PT-2010-3200 · Ibm+1 · Spreadsheet Lotus 123+1

CVE-2010-1525

Weakness Enumeration

Related Identifiers

Affected Products

References · 5