Vulnerability Name: | CCN-61822 | ||||||
Published: | 2010-07-27 | ||||||
Updated: | 2010-07-27 | ||||||
Summary: | Autonomy KeyView, as utilized in multiple products, is vulnerable to a buffer overflow, caused by improper bounds checking by the Lotus Notes file viewer. By persuading a victim to view a specially-crafted Word document containing a malformed shape, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. | ||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||
CVSS v2 Severity: | 9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: CCN Type: SA38690 Autonomy Keyview Multiple Vulnerabilities Source: CCN Type: IBM Security Bulletin 1440812 Fixes for potential security vulnerabilities in Lotus Notes file viewers Source: CCN Type: Autonomy Web site Autonomy - The Leader in Meaning-Based Computing & Enterprise Search Source: XF Type: UNKNOWN keyview-shape-bo(61822) Source: CCN Type: ZDI-10-157 IBM Lotus Notes Autonomy KeyView Office Shape Parsing Remote Code Execution Vulnerability | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |