CVE-2009-3037

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes; Brightmail Appliance; Data Loss Prevention Detection Servers; Data Loss Prevention Endpoint Agents
Vendor: CVE Published:; 1 September 2009

Summary

Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.

References

http://www.vupen.com/english/advisories/2009/2389

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/36042

vdb-entryx_refsource_BID

http://secunia.com/advisories/36472

third-party-advisoryx_refsource_SECUNIA

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 1, 2009
Vulnerability Reserved
Sep 1, 2009