Heap-Based Buffer Overflow in Autonomy KeyView Used in IBM Lotus Notes
CVE-2011-1512

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes; Keyview
Vendor: CVE Published:; 31 May 2011

Summary

A heap-based buffer overflow vulnerability exists in the xlssr.dll component of Autonomy KeyView, which is utilized in IBM Lotus Notes prior to version 8.5.2 FP3. This vulnerability may be exploited by remote attackers through specially crafted BIFF records in .xls attachments, allowing for arbitrary code execution on the affected system. Ensuring that your IBM Lotus Notes application is updated and that proper security measures are in place can mitigate the risk posed by this vulnerability.

References

http://www.ibm.com/support/docview.wss?uid=swg21500034

x_refsource_CONFIRM

http://www.securityfocus.com/bid/47962

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/518120/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 31, 2011
Vulnerability Reserved
Mar 23, 2011