CVSS: 9.3EPSS: 20%CPEs: 107EXPL: 0CVE-2011-1218
https://notcve.org/view.php?id=CVE-2011-1218
Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information. Desbordamiento de buffer en kvarcve.dll de Autonomy KeyView, como es utilizado en IBM Lotus Notes en versiones anteriores a la 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un adjunto .zip modificado. También conocido como SPR PRAD8E3NSP. NOTA: algunos de estos detalles han sido obtenidos de información de terceras partes. • http://secunia.com/advisories/44624 http://www.ibm.com/support/docview.wss?uid=swg21500034 http://www.securityfocus.com/bid/47962 https://exchange.xforce.ibmcloud.com/vulnerabilities/67625 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14238 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 8%CPEs: 107EXPL: 1CVE-2011-1512
https://notcve.org/view.php?id=CVE-2011-1512
Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR. Desbordamiento de buffer de memoria dinámica en xlssr.dll de Autonomy KeyView, como se usa en IBM Lotus Notes en versiones anteriores a 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un registro BIFF mal formado en un adjunto de hoja de cálculo Excel .xls. También conocido como SPR PRAD8E3HKR. • http://secunia.com/advisories/44624 http://securityreason.com/securityalert/8263 http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow http://www.ibm.com/support/docview.wss?uid=swg21500034 http://www.securityfocus.com/archive/1/518120/100/0/threaded http://www.securityfocus.com/bid/47962 https://exchange.xforce.ibmcloud.com/vulnerabilities/67619 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 34%CPEs: 70EXPL: 0CVE-2009-3037
https://notcve.org/view.php?id=CVE-2009-3037
Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment. Desbordamiento de búfer en xlssr.dll en Autonomy KeyView XLS viewer(también conocido como File Viewer para Excel)usado en IBM Lotus Notes v5.x hasta v8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), y otros productos, permite a atacantes remotos ejecutar código a su elección a través de una manipulación de la hoja de cálculo .xls adjunta. • http://secunia.com/advisories/36472 http://secunia.com/advisories/36474 http://www-01.ibm.com/support/docview.wss?uid=swg21396492 http://www.securityfocus.com/bid/36042 http://www.securityfocus.com/bid/36124 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00 http://www.vupen.com/english/advisories/2009/2389 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 93%CPEs: 67EXPL: 0CVE-2008-4564
https://notcve.org/view.php?id=CVE-2008-4564
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file. Desbordamiento de búfer basado en pila en wp6sr.dll en el Autonomy KeyView SDK 10.4 y anteriores, como es usado en IBM Lotus Notes, productos Symantec Mail Security (SMS), productos Symantec BrightMail Appliance y productos Symantec Data Loss Prevention (DLP) permite a atacantes remotos ejecutar código de su elección mediante un fichero Word Perfect Document (WPD) manipulado. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774 http://osvdb.org/52713 http://secunia.com/advisories/34303 http://secunia.com/advisories/34307 http://secunia.com/advisories/34318 http://secunia.com/advisories/34355 http://securitytracker.com/id?1021856 http://securitytracker.com/id?1021857 http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573 http://www.kb.cert.org/vuls/id/276563 http://www.securityfocus.com/bid/34086 http://www.se • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 46%CPEs: 6EXPL: 0CVE-2007-5399
https://notcve.org/view.php?id=CVE-2007-5399
Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename. Múltiples desbordamientos de búfer basados en montículo en emlsd.dll en el lector EML en Autonomy (anteriormente Verity) KeyView 10.3.0.0, usado en IBM Lotus Notes, permite a atacantes remotos ejecutar código de su elección a través de un campo largo(1) To(para) , (2) Cc, (3) Bcc, (4) From (desde), (5) Date, (6) Subject (Asunto), (7) Priority, (8) Importance, or (9)cabecera X-MSMail-Priority; (10) una cadena larga al comiezo de un palabra en la cabecera codificada RFC2047; (11)un texto largo al comienzo de un palabra en la cabecera codificada RFC2047; o (12) una cabecera de Subject(Asunto) larga, relacionada con la creación de un fichero asociado. • http://secunia.com/advisories/28209 http://secunia.com/advisories/28210 http://secunia.com/secunia_research/2007-91/advisory http://secunia.com/secunia_research/2007-92/advisory http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453 http://www.securityfocus.com/archive/1/490832/100/0/threaded http://www.securityfocus.com/archive/1/490833/100/0/threaded http://www.securityfocus.com/bid/28454 http://www.securitytracker.com/id?1019842 http://www.vupen.com/english&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •