CVSS: 9.3EPSS: 8%CPEs: 107EXPL: 1CVE-2011-1512
https://notcve.org/view.php?id=CVE-2011-1512
Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR. Desbordamiento de buffer de memoria dinámica en xlssr.dll de Autonomy KeyView, como se usa en IBM Lotus Notes en versiones anteriores a 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un registro BIFF mal formado en un adjunto de hoja de cálculo Excel .xls. También conocido como SPR PRAD8E3HKR. • http://secunia.com/advisories/44624 http://securityreason.com/securityalert/8263 http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow http://www.ibm.com/support/docview.wss?uid=swg21500034 http://www.securityfocus.com/archive/1/518120/100/0/threaded http://www.securityfocus.com/bid/47962 https://exchange.xforce.ibmcloud.com/vulnerabilities/67619 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 16%CPEs: 3EXPL: 0CVE-2010-1608
https://notcve.org/view.php?id=CVE-2010-1608
Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Desbordamiento de búfer basado en pila en IBM Lotus Notes v8.5 y v8.5fp1, y posiblemente otras versiones, permite a atacantes remotos ejecutar código arbitrario a través de vectores de ataque desconocidos, como lo demuestra el módulo vd_ln en VulnDisco v9.0. NOTA: a 22/02/2010, esta revelación no tiene información de acciones concretas. • http://secunia.com/advisories/38622 http://www.securityfocus.com/bid/38300 https://exchange.xforce.ibmcloud.com/vulnerabilities/58322 https://forum.immunityinc.com/board/thread/1161/vulndisco-9-0 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14489 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2010-1487
https://notcve.org/view.php?id=CVE-2010-1487
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. IBM Lotus Notes v7.0, v8.0, y v8.5 almacena credenciales administrativas en cleartext en SURunAs.exe, lo que permite a usuarios locales obtener información sensible examinando ese archivo, conocido como SPR JSTN837SEG. • http://secunia.com/advisories/39507 http://www-01.ibm.com/support/docview.wss?uid=swg21427073 http://www.securityfocus.com/bid/39525 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725 • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 1CVE-2009-3032
https://notcve.org/view.php?id=CVE-2009-3032
Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow. Desbordamiento de entero en kvolefio.dll v8.5.0.8339 y v10.5.0.0 en Autonomy KeyView Filter SDK, tal y como se utiliza en IBM Lotus Notes v8.5, Symantec Mail Security para Microsoft Exchange desde v5.0.10 hasta v5.0.13, y otros productos, permite a atacantes dependientes del contexto ejecutar codigo arbitrario a traves de documentos OLE que inicianun desbordamiento de memoria dinamica. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=858 http://www-01.ibm.com/support/docview.wss?uid=swg21440812 http://www.securityfocus.com/bid/38468 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100304_00 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3114
https://notcve.org/view.php?id=CVE-2009-3114
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K. El widget RSS reader en Lotus Notes de IBM versiones 8.0 y 8.5, guarda elementos de una fuente RSS como documentos HTML locales, lo que permite a los atacantes remotos ejecutar scripts arbitrarios en la Local Machine Zone de Internet Explorer por medio de un feed diseñado, también se conoce como SPR RGAU7RDJ9K. • http://secunia.com/advisories/36813 http://www-01.ibm.com/support/docview.wss?uid=swg21403834 http://www.scip.ch/?vuldb.4021 http://www.securityfocus.com/archive/1/506296/100/0/threaded http://www.securityfocus.com/bid/36305 • CWE-94: Improper Control of Generation of Code ('Code Injection') •