Buffer Overflow Vulnerability in Autonomy KeyView XLS Viewer and IBM Lotus Notes
CVE-2009-3037

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes; Brightmail Appliance; Data Loss Prevention Detection Servers; Data Loss Prevention Endpoint Agents
Vendor: CVE Published:; 1 September 2009

Summary

A buffer overflow vulnerability exists in the xlssr.dll file of the Autonomy KeyView XLS viewer, which is integrated into various products including IBM Lotus Notes and multiple Symantec offerings. This flaw allows remote attackers to craft malicious .xls spreadsheet attachments that may execute arbitrary code on vulnerable systems. Exploitation of this vulnerability can lead to unauthorized access and control over affected systems, highlighting the need for swift updates and security measures.

References

http://www.vupen.com/english/advisories/2009/2389

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/36042

vdb-entryx_refsource_BID

http://secunia.com/advisories/36472

third-party-advisoryx_refsource_SECUNIA

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 1, 2009
Vulnerability Reserved
Sep 1, 2009