9.3
CVE-2009-3037
- EPSS 16.84%
- Published 01.09.2009 16:30:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.
Data is provided by the National Vulnerability Database (NVD)
IBM ≫ Lotus Notes Version 5.0
IBM ≫ Lotus Notes Version 5.0.1
IBM ≫ Lotus Notes Version 5.0.2
IBM ≫ Lotus Notes Version 5.0.3
IBM ≫ Lotus Notes Version 5.0.4
IBM ≫ Lotus Notes Version 5.0.5
IBM ≫ Lotus Notes Version 5.0.6
IBM ≫ Lotus Notes Version 5.0.9a
IBM ≫ Lotus Notes Version 5.0.10
IBM ≫ Lotus Notes Version 5.0.11
IBM ≫ Lotus Notes Version 5.0.12
IBM ≫ Lotus Notes Version 5.02
IBM ≫ Lotus Notes Version 6.0
IBM ≫ Lotus Notes Version 6.0.1
IBM ≫ Lotus Notes Version 6.0.2
IBM ≫ Lotus Notes Version 6.0.3
IBM ≫ Lotus Notes Version 6.0.4
IBM ≫ Lotus Notes Version 6.0.5
IBM ≫ Lotus Notes Version 6.5
IBM ≫ Lotus Notes Version 6.5.1
IBM ≫ Lotus Notes Version 6.5.2
IBM ≫ Lotus Notes Version 6.5.3
IBM ≫ Lotus Notes Version 6.5.4
IBM ≫ Lotus Notes Version 6.5.5
IBM ≫ Lotus Notes Version 6.5.5 Edition fp2
IBM ≫ Lotus Notes Version 6.5.5 Edition fp3
IBM ≫ Lotus Notes Version 6.5.6
IBM ≫ Lotus Notes Version 6.5.6 Edition fp2
IBM ≫ Lotus Notes Version 7.0
IBM ≫ Lotus Notes Version 7.0.0
IBM ≫ Lotus Notes Version 7.0.1
IBM ≫ Lotus Notes Version 7.0.2
IBM ≫ Lotus Notes Version 7.0.2 Edition fp1
IBM ≫ Lotus Notes Version 7.0.3
IBM ≫ Lotus Notes Version 8.0
IBM ≫ Lotus Notes Version 8.0.0
IBM ≫ Lotus Notes Version 8.0.1
IBM ≫ Lotus Notes Version 8.5
Symantec ≫ Brightmail Appliance Version 5.0
Symantec ≫ Brightmail Appliance Version 8.0.0
Symantec ≫ Brightmail Appliance Version 8.0.1
Symantec ≫ Data Loss Prevention Detection Servers Version 7.2
Symantec ≫ Data Loss Prevention Detection Servers Version 8.1.1 Edition linux
Symantec ≫ Data Loss Prevention Detection Servers Version 8.1.1 Edition windows
Symantec ≫ Data Loss Prevention Detection Servers Version 9.0.1 Edition linux
Symantec ≫ Data Loss Prevention Detection Servers Version 9.0.1 Edition windows
Symantec ≫ Data Loss Prevention Endpoint Agents Version 8.1.1
Symantec ≫ Data Loss Prevention Endpoint Agents Version 9.0.1
Symantec ≫ Mail Security Version 5.0 Edition smtp
Symantec ≫ Mail Security Version 5.0.0 Edition smtp
Symantec ≫ Mail Security Version 5.0.1 Edition smtp
Symantec ≫ Mail Security Version 5.0.1.181 Edition smtp
Symantec ≫ Mail Security Version 5.0.1.182 Edition smtp
Symantec ≫ Mail Security Version 5.0.1.189 Edition smtp
Symantec ≫ Mail Security Version 5.0.1.200 Edition smtp
Symantec ≫ Mail Security Version 5.0.10 Edition microsoft_exchange
Symantec ≫ Mail Security Version 5.0.11 Edition microsoft_exchange
Symantec ≫ Mail Security Version 5.0.12 Edition microsoft_exchange
Symantec ≫ Mail Security Version 6.0.6 Edition microsoft_exchange
Symantec ≫ Mail Security Version 6.0.7 Edition microsoft_exchange
Symantec ≫ Mail Security Version 6.0.8 Edition microsoft_exchange
Symantec ≫ Mail Security Version 7.5.3.25 Edition domino
Symantec ≫ Mail Security Version 7.5.4.29 Edition domino
Symantec ≫ Mail Security Version 7.5.5.32 Edition domino
Symantec ≫ Mail Security Version 7.5.6 Edition domino
Symantec ≫ Mail Security Version 8.0 Edition domino
Symantec ≫ Mail Security Appliance Version 5.0
Symantec ≫ Mail Security Appliance Version 5.0.0.24
Symantec ≫ Mail Security Appliance Version 5.0.0.36
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 16.84% | 0.944 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.3 | 8.6 | 10 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.