Vulnerability Name:

CVE-2010-0135 (CCN-60749)

Assigned:2010-07-28
Published:2010-07-28
Updated:2013-02-07
Summary:Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), as used in Autonomy KeyView 10.4 and 10.9 and possibly other products, allows remote attackers to execute arbitrary code via unspecified vectors related to "data blocks."
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2010-0135

Source: CCN
Type: SA38690
Autonomy Keyview Multiple Vulnerabilities

Source: CCN
Type: SA38704
Lotus Notes File Parsing Multiple Vulnerabilities

Source: CCN
Type: SA38830
Symantec Products File Parsing Multiple Vulnerabilities

Source: MISC
Type: Vendor Advisory
http://secunia.com/secunia_research/2010-31/

Source: CCN
Type: Secunia Research 28/07/2010
Symantec Products wosr.dll Data Block Parsing Buffer Overflow

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21440812

Source: CCN
Type: Autonomy Web site
Autonomy - The Leader in Meaning-Based Computing & Enterprise Search

Source: CCN
Type: OSVDB ID: 67246
Autonomy Keyview WordPerfect 5 Reader (wosr.dll) Data Block Parsing Overflow

Source: BID
Type: UNKNOWN
41928

Source: CCN
Type: BID-41928
Autonomy KeyView Filter Module Multiple Memory Corruption Vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01

Source: XF
Type: UNKNOWN
autonomy-wordperfect5-bo(60749)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:autonomy:keyview_export_sdk:10.4:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_export_sdk:10.9:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_filter_sdk:10.4:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_filter_sdk:10.9:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_viewer_sdk:10.4:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_viewer_sdk:10.9:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:symantec:data_loss_prevention_endpoint_agents:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:data_loss_prevention_endpoint_agents:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:data_loss_prevention_detection_servers:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_export_sdk:10.4:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_export_sdk:10.9:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_filter_sdk:10.4:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_filter_sdk:10.9:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_viewer_sdk:10.4:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_viewer_sdk:10.9:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:data_loss_prevention_detection_servers:8.1::linux:*:*:*:*:*

    autonomy keyview export sdk 10.4
    autonomy keyview export sdk 10.9
    autonomy keyview filter sdk 10.4
    autonomy keyview filter sdk 10.9
    autonomy keyview viewer sdk 10.4
    autonomy keyview viewer sdk 10.9
    symantec data loss prevention endpoint agents 8.0
    symantec data loss prevention endpoint agents 8.1
    symantec data loss prevention detection servers 8.0
    ibm lotus notes 8.5
    symantec data loss prevention detection servers 8.1