Integer Overflow Vulnerability in IBM Lotus Notes and Symantec Mail Security
CVE-2009-3032

Currently unrated

Key Information:

Vendor: Symantec
Status: Data Loss Prevention Detection Servers; Mail Security; Im Manager 2007; Lotus Notes
Vendor: CVE Published:; 5 March 2010

What is CVE-2009-3032?

An integer overflow vulnerability exists in kvolefio.dll versions 8.5.0.8339 and 10.5.0.0, utilized by IBM Lotus Notes and Symantec Mail Security. This flaw allows attackers to craft malicious OLE documents that trigger a heap-based buffer overflow, potentially leading to arbitrary code execution on affected systems.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

http://www-01.ibm.com/support/docview.wss?uid=swg21440812

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2010
Vulnerability Reserved
Aug 31, 2009