Vulnerability Name:
CVE-2010-0135 (CCN-60749)
Assigned:
2010-07-28
Published:
2010-07-28
Updated:
2013-02-07
Summary:
Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), as used in Autonomy KeyView 10.4 and 10.9 and possibly other products, allows remote attackers to execute arbitrary code via unspecified vectors related to "data blocks."
CVSS v3 Severity:
10.0 Critical
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
9.3 High
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
)
6.9 Medium
(Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
9.3 High
(CCN CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
)
6.9 Medium
(CCN Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Type:
CWE-119
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2010-0135
Source: CCN
Type: SA38690
Autonomy Keyview Multiple Vulnerabilities
Source: CCN
Type: SA38704
Lotus Notes File Parsing Multiple Vulnerabilities
Source: CCN
Type: SA38830
Symantec Products File Parsing Multiple Vulnerabilities
Source: MISC
Type: Vendor Advisory
http://secunia.com/secunia_research/2010-31/
Source: CCN
Type: Secunia Research 28/07/2010
Symantec Products wosr.dll Data Block Parsing Buffer Overflow
Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21440812
Source: CCN
Type: Autonomy Web site
Autonomy - The Leader in Meaning-Based Computing & Enterprise Search
Source: CCN
Type: OSVDB ID: 67246
Autonomy Keyview WordPerfect 5 Reader (wosr.dll) Data Block Parsing Overflow
Source: BID
Type: UNKNOWN
41928
Source: CCN
Type: BID-41928
Autonomy KeyView Filter Module Multiple Memory Corruption Vulnerabilities
Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01
Source: XF
Type: UNKNOWN
autonomy-wordperfect5-bo(60749)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:autonomy:keyview_export_sdk:10.4:*:*:*:*:*:*:*
OR
cpe:/a:autonomy:keyview_export_sdk:10.9:*:*:*:*:*:*:*
OR
cpe:/a:autonomy:keyview_filter_sdk:10.4:*:*:*:*:*:*:*
OR
cpe:/a:autonomy:keyview_filter_sdk:10.9:*:*:*:*:*:*:*
OR
cpe:/a:autonomy:keyview_viewer_sdk:10.4:*:*:*:*:*:*:*
OR
cpe:/a:autonomy:keyview_viewer_sdk:10.9:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:symantec:data_loss_prevention_endpoint_agents:8.0:*:*:*:*:*:*:*
OR
cpe:/a:symantec:data_loss_prevention_endpoint_agents:8.1:*:*:*:*:*:*:*
OR
cpe:/a:symantec:data_loss_prevention_detection_servers:8.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*
OR
cpe:/a:autonomy:keyview_export_sdk:10.4:*:*:*:*:*:*:*
OR
cpe:/a:autonomy:keyview_export_sdk:10.9:*:*:*:*:*:*:*
OR
cpe:/a:autonomy:keyview_filter_sdk:10.4:*:*:*:*:*:*:*
OR
cpe:/a:autonomy:keyview_filter_sdk:10.9:*:*:*:*:*:*:*
OR
cpe:/a:autonomy:keyview_viewer_sdk:10.4:*:*:*:*:*:*:*
OR
cpe:/a:autonomy:keyview_viewer_sdk:10.9:*:*:*:*:*:*:*
OR
cpe:/a:symantec:data_loss_prevention_detection_servers:8.1::linux:*:*:*:*:*
Denotes that component is vulnerable
BACK
autonomy
keyview export sdk 10.4
autonomy
keyview export sdk 10.9
autonomy
keyview filter sdk 10.4
autonomy
keyview filter sdk 10.9
autonomy
keyview viewer sdk 10.4
autonomy
keyview viewer sdk 10.9
symantec
data loss prevention endpoint agents 8.0
symantec
data loss prevention endpoint agents 8.1
symantec
data loss prevention detection servers 8.0
ibm
lotus notes 8.5
autonomy
keyview export sdk 10.4
autonomy
keyview export sdk 10.9
autonomy
keyview filter sdk 10.4
autonomy
keyview filter sdk 10.9
autonomy
keyview viewer sdk 10.4
autonomy
keyview viewer sdk 10.9
symantec
data loss prevention detection servers 8.1