Page 4 of 59 results (0.013 seconds)

CVSS: 9.3EPSS: 6%CPEs: 107EXPL: 1

Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR. Desbordamiento de buffer de memoria dinámica en xlssr.dll de Autonomy KeyView, como se usa en IBM Lotus Notes en versiones anteriores a 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un registro BIFF mal formado en un adjunto de hoja de cálculo Excel .xls. También conocido como SPR PRAD8E3HKR. • http://secunia.com/advisories/44624 http://securityreason.com/securityalert/8263 http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow http://www.ibm.com/support/docview.wss?uid=swg21500034 http://www.securityfocus.com/archive/1/518120/100/0/threaded http://www.securityfocus.com/bid/47962 https://exchange.xforce.ibmcloud.com/vulnerabilities/67619 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 9%CPEs: 16EXPL: 0

Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2. Una vulnerabilidad de inyección de argumentos en Lotus Notes de IBM versiones 8.0.x anteriores a 8.0.2 FP6 y versiones 8.5.x anteriores a 8.5.1 FP5, permite a los atacantes remotos ejecutar código arbitrario por medio de una URL cai:// que contiene una opción --launcher.library que especifica un nombre de ruta (path) de recurso compartido UNC para un archivo DLL, también se conoce como SPR PRAD82YJW2. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of malformed strings within cai:// URIs. The '--launcher.library' switch can be injected and directed to load a DLL from a network share. • http://secunia.com/advisories/43222 http://www-01.ibm.com/support/docview.wss?uid=swg21461514 http://www.vupen.com/english/advisories/2011/0295 http://zerodayinitiative.com/advisories/ZDI-11-051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14348 • CWE-20: Improper Input Validation •

CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0

IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. IBM Lotus Notes v7.0, v8.0, y v8.5 almacena credenciales administrativas en cleartext en SURunAs.exe, lo que permite a usuarios locales obtener información sensible examinando ese archivo, conocido como SPR JSTN837SEG. • http://secunia.com/advisories/39507 http://www-01.ibm.com/support/docview.wss?uid=swg21427073 http://www.securityfocus.com/bid/39525 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725 • CWE-255: Credentials Management Errors •

CVSS: 9.3EPSS: 29%CPEs: 70EXPL: 0

Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment. Desbordamiento de búfer en xlssr.dll en Autonomy KeyView XLS viewer(también conocido como File Viewer para Excel)usado en IBM Lotus Notes v5.x hasta v8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), y otros productos, permite a atacantes remotos ejecutar código a su elección a través de una manipulación de la hoja de cálculo .xls adjunta. • http://secunia.com/advisories/36472 http://secunia.com/advisories/36474 http://www-01.ibm.com/support/docview.wss?uid=swg21396492 http://www.securityfocus.com/bid/36042 http://www.securityfocus.com/bid/36124 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00 http://www.vupen.com/english/advisories/2009/2389 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 92%CPEs: 67EXPL: 0

Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file. Desbordamiento de búfer basado en pila en wp6sr.dll en el Autonomy KeyView SDK 10.4 y anteriores, como es usado en IBM Lotus Notes, productos Symantec Mail Security (SMS), productos Symantec BrightMail Appliance y productos Symantec Data Loss Prevention (DLP) permite a atacantes remotos ejecutar código de su elección mediante un fichero Word Perfect Document (WPD) manipulado. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774 http://osvdb.org/52713 http://secunia.com/advisories/34303 http://secunia.com/advisories/34307 http://secunia.com/advisories/34318 http://secunia.com/advisories/34355 http://securitytracker.com/id?1021856 http://securitytracker.com/id?1021857 http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573 http://www.kb.cert.org/vuls/id/276563 http://www.securityfocus.com/bid/34086 http://www.se • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •