1. CVE-Search
  2. CVE-2009-3032
ID CVE-2009-3032
Summary Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:brightmail_gateway:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:brightmail_gateway:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1.1:*:linux:*:*:*:*:*
    cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1.1:*:linux:*:*:*:*:*
  • cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1.1:*:windows:*:*:*:*:*
    cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1.1:*:windows:*:*:*:*:*
  • cpe:2.3:a:symantec:data_loss_prevention_detection_servers:9.0.1:*:linux:*:*:*:*:*
    cpe:2.3:a:symantec:data_loss_prevention_detection_servers:9.0.1:*:linux:*:*:*:*:*
  • cpe:2.3:a:symantec:data_loss_prevention_detection_servers:9.0.1:*:windows:*:*:*:*:*
    cpe:2.3:a:symantec:data_loss_prevention_detection_servers:9.0.1:*:windows:*:*:*:*:*
  • cpe:2.3:a:symantec:data_loss_prevention_detection_servers:10.0:*:linux:*:*:*:*:*
    cpe:2.3:a:symantec:data_loss_prevention_detection_servers:10.0:*:linux:*:*:*:*:*
  • cpe:2.3:a:symantec:data_loss_prevention_detection_servers:10.0:*:windows:*:*:*:*:*
    cpe:2.3:a:symantec:data_loss_prevention_detection_servers:10.0:*:windows:*:*:*:*:*
  • cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:im_manager_2007:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:im_manager_2007:*:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:5.0.1.181:*:smtp:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:5.0.1.181:*:smtp:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:5.0.1.182:*:smtp:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:5.0.1.182:*:smtp:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:5.0.1.189:*:smtp:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:5.0.1.189:*:smtp:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:5.0.11:*:microsoft_exchange:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:5.0.11:*:microsoft_exchange:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:5.0.12:*:microsoft_exchange:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:5.0.12:*:microsoft_exchange:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:5.0.13:*:microsoft_exchange:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:5.0.13:*:microsoft_exchange:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:6.0.6:*:microsoft_exchange:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:6.0.6:*:microsoft_exchange:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:6.0.7:*:microsoft_exchange:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:6.0.7:*:microsoft_exchange:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:6.0.8:*:microsoft_exchange:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:6.0.8:*:microsoft_exchange:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:7.5.3.25:*:domino:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:7.5.3.25:*:domino:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:7.5.4.29:*:domino:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:7.5.4.29:*:domino:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:7.5.5.32:*:domino:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:7.5.5.32:*:domino:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:7.5.6:*:domino:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:7.5.6:*:domino:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:7.5.7:*:domino:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:7.5.7:*:domino:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:7.5.8:*:domino:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:7.5.8:*:domino:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:8.0:*:domino:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:8.0:*:domino:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:8.0.1:*:domino:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:8.0.1:*:domino:*:*:*:*:*
  • cpe:2.3:a:symantec:mail_security:8.0.2:*:domino:*:*:*:*:*
    cpe:2.3:a:symantec:mail_security:8.0.2:*:domino:*:*:*:*:*
CVSS
Base: 10.0 (as of 07-02-2013 - 04:21)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 38468
confirm
idefense 20100304 Autonomy KeyView OLE Document Integer Overflow Vulnerability
Last major update 07-02-2013 - 04:21
Published 05-03-2010 - 19:30
Last modified 07-02-2013 - 04:21
Back to Top