CVE-2009-3037

Опубликовано: 01 сент. 2009

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.

Ссылки

http://secunia.com/advisories/36472
Vendor Advisory
http://secunia.com/advisories/36474
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21396492
Patch
Vendor Advisory
http://www.securityfocus.com/bid/36042
http://www.securityfocus.com/bid/36124
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00
http://www.vupen.com/english/advisories/2009/2389
Patch
Vendor Advisory
http://secunia.com/advisories/36472
Vendor Advisory
http://secunia.com/advisories/36474
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21396492
Patch
Vendor Advisory
http://www.securityfocus.com/bid/36042
http://www.securityfocus.com/bid/36124
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00
http://www.vupen.com/english/advisories/2009/2389
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ibm:lotus_notes:5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:5.0.9a:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:5.02:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.5.5:*:fp2:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.5.5:*:fp3:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.5.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:6.5.6:*:fp2:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:7.0.2:*:fp1:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*

cpe:2.3:a:symantec:brightmail_appliance:5.0:*:*:*:*:*:*:*

cpe:2.3:a:symantec:brightmail_appliance:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:symantec:brightmail_appliance:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:symantec:data_loss_prevention_detection_servers:7.2:*:*:*:*:*:*:*

cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1.1:*:linux:*:*:*:*:*

cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1.1:*:windows:*:*:*:*:*

cpe:2.3:a:symantec:data_loss_prevention_detection_servers:9.0.1:*:linux:*:*:*:*:*

cpe:2.3:a:symantec:data_loss_prevention_detection_servers:9.0.1:*:windows:*:*:*:*:*

cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:9.0.1:*:*:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:5.0:*:smtp:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:5.0.1.181:*:smtp:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:5.0.1.182:*:smtp:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:5.0.1.189:*:smtp:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:5.0.1.200:*:smtp:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:5.0.10:*:microsoft_exchange:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:5.0.11:*:microsoft_exchange:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:5.0.12:*:microsoft_exchange:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:6.0.6:*:microsoft_exchange:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:6.0.7:*:microsoft_exchange:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:6.0.8:*:microsoft_exchange:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:7.5.3.25:*:domino:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:7.5.4.29:*:domino:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:7.5.5.32:*:domino:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:7.5.6:*:domino:*:*:*:*:*

cpe:2.3:a:symantec:mail_security:8.0:*:domino:*:*:*:*:*

cpe:2.3:a:symantec:mail_security_appliance:5.0:*:*:*:*:*:*:*

cpe:2.3:a:symantec:mail_security_appliance:5.0.0.24:*:*:*:*:*:*:*

cpe:2.3:a:symantec:mail_security_appliance:5.0.0.36:*:*:*:*:*:*:*

cpe:2.3:a:autonomy:keyview:*:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.18491

Средний

9.3 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-wx8c-4976-gv57

github

почти 4 года назад