Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Symantec
  • Altiris Deployment Solution
  • Mail Security
  • Enforce
  • Data Loss Prevention Endpoint Agents
  • Data Loss Prevention Detection Servers
  • Brightmail
Autonomy
  • Keyview Viewer Sdk
  • Keyview Filter Sdk
  • Keyview Export Sdk
Ibm
  • Lotus Notes

Configuration 1 [-]

OR cpe:2.3:a:autonomy:keyview_export_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_export_sdk:2.0:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_export_sdk:9.2.0:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_export_sdk:10:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_export_sdk:10.3:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_filter_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_filter_sdk:2.0:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_filter_sdk:9.2.0:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_filter_sdk:10:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_filter_sdk:10.3:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_viewer_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_viewer_sdk:2.0:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_viewer_sdk:9.2.0:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_viewer_sdk:10:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_viewer_sdk:10.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.5:*:fp2:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.5:*:fp3:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5.6:*:fp2:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:7.0.2:*:fp1:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:altiris_deployment_solution:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:brightmail:5.0:*:appliance:*:*:*:*:*
cpe:2.3:a:symantec:data_loss_prevention_detection_servers:7.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1:*:linux:*:*:*:*:*
cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1:*:windows:*:*:*:*:*
cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:enforce:7.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:enforce:8.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:enforce:8.1:*:linux:*:*:*:*:*
cpe:2.3:a:symantec:enforce:8.1:*:windows:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0:*:appliance:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.0.24:*:appliance:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.1.181:*:smtp:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.1.182:*:smtp:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.1.189:*:smtp:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.1.200:*:smtp:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.10:*:microsoft_exchange:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.11:*:microsoft_exchange:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:6.0.6:microsoft_exchange:*:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:6.0.7:microsoft_exchange:*:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:7.5..4.29:*:domino:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:7.5.3.25:*:domino:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:7.5.5.32:*:domino:*:*:*:*:*
References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774
http://osvdb.org/52713
http://secunia.com/advisories/34303
http://secunia.com/advisories/34307 Vendor Advisory
http://secunia.com/advisories/34318
http://secunia.com/advisories/34355
http://securitytracker.com/id?1021856
http://securitytracker.com/id?1021857
http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573 Vendor Advisory
http://www.kb.cert.org/vuls/id/276563 US Government Resource
http://www.securityfocus.com/bid/34086
http://www.securitytracker.com/id?1021859
http://www.symantec.com/avcenter/security/Content/2009.03.17a.html Vendor Advisory
http://www.vupen.com/english/advisories/2009/0744 Vendor Advisory
http://www.vupen.com/english/advisories/2009/0756
http://www.vupen.com/english/advisories/2009/0757
https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/49284
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-03-18T15:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-10-14T00:00:00

Link: CVE-2008-4564

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2009-03-18T15:30:00.267

Modified: 2017-08-08T01:32:44.967

Link: CVE-2008-4564

JSON object: View

cve-icon Redhat Information

No data.

CWE