CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 1CVE-2009-3032
https://notcve.org/view.php?id=CVE-2009-3032
Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow. Desbordamiento de entero en kvolefio.dll v8.5.0.8339 y v10.5.0.0 en Autonomy KeyView Filter SDK, tal y como se utiliza en IBM Lotus Notes v8.5, Symantec Mail Security para Microsoft Exchange desde v5.0.10 hasta v5.0.13, y otros productos, permite a atacantes dependientes del contexto ejecutar codigo arbitrario a traves de documentos OLE que inicianun desbordamiento de memoria dinamica. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=858 http://www-01.ibm.com/support/docview.wss?uid=swg21440812 http://www.securityfocus.com/bid/38468 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100304_00 • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 2%CPEs: 2EXPL: 1CVE-2009-3036
https://notcve.org/view.php?id=CVE-2009-3036
Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la consola en Symantec IM Manager v8.3 y v8.4 anteriores a v8.4.13 permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través de vectores sin especificar. • https://github.com/brinhosa/CVE-2009-3036 http://osvdb.org/62446 http://secunia.com/advisories/38672 http://www.securityfocus.com/bid/38241 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100218_00 http://www.vupen.com/english/advisories/2010/0438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •