CVSS: 9.3EPSS: 34%CPEs: 70EXPL: 0CVE-2009-3037
https://notcve.org/view.php?id=CVE-2009-3037
Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment. Desbordamiento de búfer en xlssr.dll en Autonomy KeyView XLS viewer(también conocido como File Viewer para Excel)usado en IBM Lotus Notes v5.x hasta v8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), y otros productos, permite a atacantes remotos ejecutar código a su elección a través de una manipulación de la hoja de cálculo .xls adjunta. • http://secunia.com/advisories/36472 http://secunia.com/advisories/36474 http://www-01.ibm.com/support/docview.wss?uid=swg21396492 http://www.securityfocus.com/bid/36042 http://www.securityfocus.com/bid/36124 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00 http://www.vupen.com/english/advisories/2009/2389 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 93%CPEs: 67EXPL: 0CVE-2008-4564
https://notcve.org/view.php?id=CVE-2008-4564
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file. Desbordamiento de búfer basado en pila en wp6sr.dll en el Autonomy KeyView SDK 10.4 y anteriores, como es usado en IBM Lotus Notes, productos Symantec Mail Security (SMS), productos Symantec BrightMail Appliance y productos Symantec Data Loss Prevention (DLP) permite a atacantes remotos ejecutar código de su elección mediante un fichero Word Perfect Document (WPD) manipulado. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774 http://osvdb.org/52713 http://secunia.com/advisories/34303 http://secunia.com/advisories/34307 http://secunia.com/advisories/34318 http://secunia.com/advisories/34355 http://securitytracker.com/id?1021856 http://securitytracker.com/id?1021857 http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573 http://www.kb.cert.org/vuls/id/276563 http://www.securityfocus.com/bid/34086 http://www.se • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 46%CPEs: 6EXPL: 0CVE-2007-5399
https://notcve.org/view.php?id=CVE-2007-5399
Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename. Múltiples desbordamientos de búfer basados en montículo en emlsd.dll en el lector EML en Autonomy (anteriormente Verity) KeyView 10.3.0.0, usado en IBM Lotus Notes, permite a atacantes remotos ejecutar código de su elección a través de un campo largo(1) To(para) , (2) Cc, (3) Bcc, (4) From (desde), (5) Date, (6) Subject (Asunto), (7) Priority, (8) Importance, or (9)cabecera X-MSMail-Priority; (10) una cadena larga al comiezo de un palabra en la cabecera codificada RFC2047; (11)un texto largo al comienzo de un palabra en la cabecera codificada RFC2047; o (12) una cabecera de Subject(Asunto) larga, relacionada con la creación de un fichero asociado. • http://secunia.com/advisories/28209 http://secunia.com/advisories/28210 http://secunia.com/secunia_research/2007-91/advisory http://secunia.com/secunia_research/2007-92/advisory http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453 http://www.securityfocus.com/archive/1/490832/100/0/threaded http://www.securityfocus.com/archive/1/490833/100/0/threaded http://www.securityfocus.com/bid/28454 http://www.securitytracker.com/id?1019842 http://www.vupen.com/english&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 78%CPEs: 14EXPL: 0CVE-2007-5405
https://notcve.org/view.php?id=CVE-2007-5405
Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag. Múltiples desbordamientos de búfer en kpagrdr.dll 2.0.0.2 y 10.3.0.0 en el lector Applix Presents de Autonomy (anteriormente Verity) KeyView,usado por IBM Lotus Notes, Symantec Mail Security, y activePDF DocConverter, permite a atacantes remotos ejecutar código de su elección a través de un archivo .ag con (1)un atributo ENCODING largo en la etiqueta *BEGIN, (2) un token largo, o (3) la etiqueta inicial *BEGIN. • http://secunia.com/advisories/27763 http://secunia.com/advisories/28140 http://secunia.com/advisories/28209 http://secunia.com/advisories/28210 http://secunia.com/advisories/29342 http://secunia.com/secunia_research/2007-95/advisory http://secunia.com/secunia_research/2007-96/advisory http://secunia.com/secunia_research/2007-97/advisory http://secunia.com/secunia_research/2007-98/advisory http://securitytracker.com/id?1019805 http://www-1.ibm.com/support/docview.wss?rs=463& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 33%CPEs: 11EXPL: 0CVE-2007-5406
https://notcve.org/view.php?id=CVE-2007-5406
kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file. kpagrdr.dll 2.0.0.2 y 10.3.0.0 en el lector Applix Presents de Autonomy (anteriormente Verity) KeyView, usado por IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, no parsea adecuadamente los token largos, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y CPU) a través de un fichero .ag manipulado. • http://secunia.com/advisories/27763 http://secunia.com/advisories/28140 http://secunia.com/advisories/28209 http://secunia.com/advisories/28210 http://secunia.com/advisories/29342 http://secunia.com/secunia_research/2007-95/advisory http://secunia.com/secunia_research/2007-96/advisory http://secunia.com/secunia_research/2007-97/advisory http://secunia.com/secunia_research/2007-98/advisory http://securitytracker.com/id?1019805 http://www.securityfocus.com/archive/1/490825/100/0& •