CVE-2008-4564

EPSS 56.29%
Published 18.03.2009 15:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.

Affected products Warnungen 0 Metrics 2 CWE 1 References 21

Data is provided by the National Vulnerability Database (NVD)

Autonomy ≫ Keyview Export Sdk Version <= 10.4

Autonomy ≫ Keyview Export Sdk Version2.0

Autonomy ≫ Keyview Export Sdk Version9.2.0

Autonomy ≫ Keyview Export Sdk Version10

Autonomy ≫ Keyview Export Sdk Version10.3

Autonomy ≫ Keyview Filter Sdk Version <= 10.4

Autonomy ≫ Keyview Filter Sdk Version2.0

Autonomy ≫ Keyview Filter Sdk Version9.2.0

Autonomy ≫ Keyview Filter Sdk Version10

Autonomy ≫ Keyview Filter Sdk Version10.3

Autonomy ≫ Keyview Viewer Sdk Version <= 10.4

Autonomy ≫ Keyview Viewer Sdk Version2.0

Autonomy ≫ Keyview Viewer Sdk Version9.2.0

Autonomy ≫ Keyview Viewer Sdk Version10

Autonomy ≫ Keyview Viewer Sdk Version10.3

Ibm ≫ Lotus Notes Version5.0.3

Ibm ≫ Lotus Notes Version5.0.12

Ibm ≫ Lotus Notes Version6.0

Ibm ≫ Lotus Notes Version6.0.1

Ibm ≫ Lotus Notes Version6.0.2

Ibm ≫ Lotus Notes Version6.0.3

Ibm ≫ Lotus Notes Version6.0.4

Ibm ≫ Lotus Notes Version6.0.5

Ibm ≫ Lotus Notes Version6.5

Ibm ≫ Lotus Notes Version6.5.1

Ibm ≫ Lotus Notes Version6.5.2

Ibm ≫ Lotus Notes Version6.5.3

Ibm ≫ Lotus Notes Version6.5.4

Ibm ≫ Lotus Notes Version6.5.5

Ibm ≫ Lotus Notes Version6.5.5 Editionfp2

Ibm ≫ Lotus Notes Version6.5.5 Editionfp3

Ibm ≫ Lotus Notes Version6.5.6

Ibm ≫ Lotus Notes Version6.5.6 Editionfp2

Ibm ≫ Lotus Notes Version7.0

Ibm ≫ Lotus Notes Version7.0.1

Ibm ≫ Lotus Notes Version7.0.2

Ibm ≫ Lotus Notes Version7.0.2 Editionfp1

Ibm ≫ Lotus Notes Version7.0.3

Ibm ≫ Lotus Notes Version8.0

Symantec ≫ Altiris Deployment Solution

Symantec ≫ Brightmail Version5.0 Editionappliance

Symantec ≫ Data Loss Prevention Detection Servers Version7.0

Symantec ≫ Data Loss Prevention Detection Servers Version8.0

Symantec ≫ Data Loss Prevention Detection Servers Version8.1 Editionlinux

Symantec ≫ Data Loss Prevention Detection Servers Version8.1 Editionwindows

Symantec ≫ Data Loss Prevention Endpoint Agents Version8.0

Symantec ≫ Data Loss Prevention Endpoint Agents Version8.1

Symantec ≫ Enforce Version7.0

Symantec ≫ Enforce Version8.0

Symantec ≫ Enforce Version8.1 Editionlinux

Symantec ≫ Enforce Version8.1 Editionwindows

Symantec ≫ Mail Security Version5.0 Editionappliance

Symantec ≫ Mail Security Version5.0.0

Symantec ≫ Mail Security Version5.0.0 Editionsmtp

Symantec ≫ Mail Security Version5.0.0.24 Editionappliance

Symantec ≫ Mail Security Version5.0.1 Editionsmtp

Symantec ≫ Mail Security Version5.0.1.181 Editionsmtp

Symantec ≫ Mail Security Version5.0.1.182 Editionsmtp

Symantec ≫ Mail Security Version5.0.1.189 Editionsmtp

Symantec ≫ Mail Security Version5.0.1.200 Editionsmtp

Symantec ≫ Mail Security Version5.0.10 Editionmicrosoft_exchange

Symantec ≫ Mail Security Version5.0.11 Editionmicrosoft_exchange

Symantec ≫ Mail Security Version6.0.6 Updatemicrosoft_exchange

Symantec ≫ Mail Security Version6.0.7 Updatemicrosoft_exchange

Symantec ≫ Mail Security Version7.5..4.29 Editiondomino

Symantec ≫ Mail Security Version7.5.3.25 Editiondomino

Symantec ≫ Mail Security Version7.5.5.32 Editiondomino

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	56.29%	0.98

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774

http://osvdb.org/52713

http://secunia.com/advisories/34303

http://secunia.com/advisories/34307

Vendor Advisory

http://secunia.com/advisories/34318

http://secunia.com/advisories/34355

http://securitytracker.com/id?1021856

http://securitytracker.com/id?1021857

http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573

Vendor Advisory

http://www.kb.cert.org/vuls/id/276563