Integer Overflow Vulnerability in IBM Lotus Notes and Symantec Mail Security
CVE-2009-3032

Currently unrated

Key Information:

Vendor: Symantec
Status: Data Loss Prevention Detection Servers; Mail Security; Im Manager 2007; Lotus Notes
Vendor: CVE Published:; 5 March 2010

Summary

An integer overflow vulnerability exists in kvolefio.dll versions 8.5.0.8339 and 10.5.0.0, utilized by IBM Lotus Notes and Symantec Mail Security. This flaw allows attackers to craft malicious OLE documents that trigger a heap-based buffer overflow, potentially leading to arbitrary code execution on affected systems.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

http://www-01.ibm.com/support/docview.wss?uid=swg21440812

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 5, 2010
Vulnerability Reserved
Aug 31, 2009