CVE-2009-3037

HIGH

Description

Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.

References

http://secunia.com/advisories/36472

http://secunia.com/advisories/36474

http://www.securityfocus.com/bid/36042

http://www.securityfocus.com/bid/36124

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00

http://www.vupen.com/english/advisories/2009/2389

http://www-01.ibm.com/support/docview.wss?uid=swg21396492

Details

Source: MITRE

Published: 2009-09-01

Updated: 2013-02-07

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH