CVE-2012-6277

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code."

Múltiples vulnerabilidades no especificadas en Autonomy KeyView IDOL versiones anteriores a 10.16, como es usado en Symantec Mail Security para Microsoft Exchange versiones anteriores a 6.5.8, Symantec Mail Security para Domino versiones anteriores a 8.1.1, Symantec Messaging Gateway versiones anteriores a 10.0.1, Symantec Data Loss Prevention (DLP) versiones anteriores a 11.6.1, IBM Notes versiones 8.5.x, IBM Lotus Domino versiones 8.5.x anteriores a 8.5.3 FP4, y otros productos, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) por medio de un archivo diseñado, relacionado con "una serie de problemas subyacentes" en los que "algunos de estos casos demostraron corrupción de la memoria con una entrada controlada por el atacante y podrían ser explotados para ejecutar código arbitrario".

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-12-06 CVE Reserved
2020-02-21 CVE Published
2023-03-10 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://tools.cisco.com/security/center/viewAlert.x?alertId=27482	Third Party Advisory
https://vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277	Third Party Advisory
https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities	Third Party Advisory
https://www.kb.cert.org/vuls/id/849841	Third Party Advisory
https://www.securityfocus.com/bid/56610	Third Party Advisory
https://www.tenable.com/plugins/nessus/67192	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://support.symantec.com/us/en/article.symsa1262.html	2020-03-04
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277	2020-03-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ibm Search vendor "Ibm"		Domino Search vendor "Ibm" for product "Domino"				>= 8.5.0 <= 8.5.3.6 Search vendor "Ibm" for product "Domino" and version " >= 8.5.0 <= 8.5.3.6"		-		Affected
Ibm Search vendor "Ibm"		Notes Search vendor "Ibm" for product "Notes"				>= 8.5 <= 8.5.3 Search vendor "Ibm" for product "Notes" and version " >= 8.5 <= 8.5.3"		-		Affected
Symantec Search vendor "Symantec"		Data Loss Prevention Endpoint Search vendor "Symantec" for product "Data Loss Prevention Endpoint"				>= 11.0 < 11.6.1 Search vendor "Symantec" for product "Data Loss Prevention Endpoint" and version " >= 11.0 < 11.6.1"		-		Affected
Symantec Search vendor "Symantec"		Data Loss Prevention Enforce\/detection Servers Search vendor "Symantec" for product "Data Loss Prevention Enforce\/detection Servers"				>= 11.0 < 11.6.1 Search vendor "Symantec" for product "Data Loss Prevention Enforce\/detection Servers" and version " >= 11.0 < 11.6.1"		linux		Affected
Symantec Search vendor "Symantec"		Data Loss Prevention Enforce\/detection Servers Search vendor "Symantec" for product "Data Loss Prevention Enforce\/detection Servers"				>= 11.0 < 11.6.1 Search vendor "Symantec" for product "Data Loss Prevention Enforce\/detection Servers" and version " >= 11.0 < 11.6.1"		windows		Affected
Symantec Search vendor "Symantec"		Mail Security Search vendor "Symantec" for product "Mail Security"				<= 6.5.7 Search vendor "Symantec" for product "Mail Security" and version " <= 6.5.7"		microsoft_exchange		Affected
Symantec Search vendor "Symantec"		Mail Security Search vendor "Symantec" for product "Mail Security"				<= 8.1.0 Search vendor "Symantec" for product "Mail Security" and version " <= 8.1.0"		domino		Affected
Symantec Search vendor "Symantec"		Mail Security Search vendor "Symantec" for product "Mail Security"				6.5.7 Search vendor "Symantec" for product "Mail Security" and version "6.5.7"		-		Affected
Symantec Search vendor "Symantec"		Messaging Gateway Search vendor "Symantec" for product "Messaging Gateway"				>= 9.5 < 10.0.1 Search vendor "Symantec" for product "Messaging Gateway" and version " >= 9.5 < 10.0.1"		-		Affected
Hp Search vendor "Hp"		Autonomy Keyview Idol Search vendor "Hp" for product "Autonomy Keyview Idol"				< 10.16 Search vendor "Hp" for product "Autonomy Keyview Idol" and version " < 10.16"		-		Affected