Lucene search
MitreCVE-2011-1512HistoryMay 31, 2011 - 8:55 p.m.
CVE-2011-1512
2011-05-3120:55:02
CWE-119
mitre
web.nvd.nist.gov
41
cve-2011-1512
autonomy keyview
ibm lotus notes
buffer overflow
xlssr.dll
remote code execution
nvd
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.9
Confidence
Low
EPSS
0.084
Percentile
94.4%
Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.
Affected configurations
Node
autonomykeyview
ORibmlotus_notesRange≤8.5.2.2
ORibmlotus_notesMatch3.0
ORibmlotus_notesMatch3.0.0.1
ORibmlotus_notesMatch3.0.0.2
ORibmlotus_notesMatch4.2
ORibmlotus_notesMatch4.2.1
ORibmlotus_notesMatch4.2.2
ORibmlotus_notesMatch4.5
ORibmlotus_notesMatch4.6
ORibmlotus_notesMatch4.6.7a
ORibmlotus_notesMatch4.6.7h
ORibmlotus_notesMatch5.0
ORibmlotus_notesMatch5.0.1
ORibmlotus_notesMatch5.0.1.02
ORibmlotus_notesMatch5.0.1a
ORibmlotus_notesMatch5.0.1b
ORibmlotus_notesMatch5.0.1c
ORibmlotus_notesMatch5.0.2
ORibmlotus_notesMatch5.0.2a
ORibmlotus_notesMatch5.0.2b
ORibmlotus_notesMatch5.0.2c
ORibmlotus_notesMatch5.0.3
ORibmlotus_notesMatch5.0.4
ORibmlotus_notesMatch5.0.4a
ORibmlotus_notesMatch5.0.5
ORibmlotus_notesMatch5.0.5.01
ORibmlotus_notesMatch5.0.5.02
ORibmlotus_notesMatch5.0.6
ORibmlotus_notesMatch5.0.6a
ORibmlotus_notesMatch5.0.6a.01
ORibmlotus_notesMatch5.0.7
ORibmlotus_notesMatch5.0.7a
ORibmlotus_notesMatch5.0.8
ORibmlotus_notesMatch5.0.9
ORibmlotus_notesMatch5.0.9a
ORibmlotus_notesMatch5.0.10
ORibmlotus_notesMatch5.0.11
ORibmlotus_notesMatch5.0.12
ORibmlotus_notesMatch5.0a
ORibmlotus_notesMatch5.02
ORibmlotus_notesMatch6.0
ORibmlotus_notesMatch6.0.1
ORibmlotus_notesMatch6.0.1cf1
ORibmlotus_notesMatch6.0.1cf2
ORibmlotus_notesMatch6.0.1cf3
ORibmlotus_notesMatch6.0.2
ORibmlotus_notesMatch6.0.2cf1
ORibmlotus_notesMatch6.0.2cf2
ORibmlotus_notesMatch6.0.2.2
ORibmlotus_notesMatch6.0.3
ORibmlotus_notesMatch6.0.4
ORibmlotus_notesMatch6.0.5
ORibmlotus_notesMatch6.5
ORibmlotus_notesMatch6.5.1
ORibmlotus_notesMatch6.5.2
ORibmlotus_notesMatch6.5.3
ORibmlotus_notesMatch6.5.3.1
ORibmlotus_notesMatch6.5.4
ORibmlotus_notesMatch6.5.4.1
ORibmlotus_notesMatch6.5.4.2
ORibmlotus_notesMatch6.5.4.3
ORibmlotus_notesMatch6.5.5
ORibmlotus_notesMatch6.5.5.1
ORibmlotus_notesMatch6.5.5.2
ORibmlotus_notesMatch6.5.5.3
ORibmlotus_notesMatch6.5.6
ORibmlotus_notesMatch6.5.6.1
ORibmlotus_notesMatch6.5.6.2
ORibmlotus_notesMatch6.5.6.3
ORibmlotus_notesMatch7.0
ORibmlotus_notesMatch7.0.0
ORibmlotus_notesMatch7.0.1
ORibmlotus_notesMatch7.0.1.1
ORibmlotus_notesMatch7.0.2
ORibmlotus_notesMatch7.0.2.1
ORibmlotus_notesMatch7.0.2.2
ORibmlotus_notesMatch7.0.2.3
ORibmlotus_notesMatch7.0.3
ORibmlotus_notesMatch7.0.3.1
ORibmlotus_notesMatch7.0.4
ORibmlotus_notesMatch7.0.4.0
ORibmlotus_notesMatch7.0.4.1
ORibmlotus_notesMatch7.0.4.2
ORibmlotus_notesMatch8.0
ORibmlotus_notesMatch8.0.0
ORibmlotus_notesMatch8.0.1
ORibmlotus_notesMatch8.0.2
ORibmlotus_notesMatch8.0.2.0
ORibmlotus_notesMatch8.0.2.1
ORibmlotus_notesMatch8.0.2.2
ORibmlotus_notesMatch8.0.2.3
ORibmlotus_notesMatch8.0.2.4
ORibmlotus_notesMatch8.0.2.5
ORibmlotus_notesMatch8.0.2.6
ORibmlotus_notesMatch8.5
ORibmlotus_notesMatch8.5.0.0
ORibmlotus_notesMatch8.5.0.1
ORibmlotus_notesMatch8.5.1
ORibmlotus_notesMatch8.5.1.0
ORibmlotus_notesMatch8.5.1.1
ORibmlotus_notesMatch8.5.1.2
ORibmlotus_notesMatch8.5.1.3
ORibmlotus_notesMatch8.5.1.4
ORibmlotus_notesMatch8.5.1.5
ORibmlotus_notesMatch8.5.2.0
ORibmlotus_notesMatch8.5.2.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| autonomy | keyview | * | cpe:2.3:a:autonomy:keyview:*:*:*:*:*:*:*:* |
| ibm | lotus_notes | * | cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:* |
| ibm | lotus_notes | 3.0 | cpe:2.3:a:ibm:lotus_notes:3.0:*:*:*:*:*:*:* |
| ibm | lotus_notes | 3.0.0.1 | cpe:2.3:a:ibm:lotus_notes:3.0.0.1:*:*:*:*:*:*:* |
| ibm | lotus_notes | 3.0.0.2 | cpe:2.3:a:ibm:lotus_notes:3.0.0.2:*:*:*:*:*:*:* |
| ibm | lotus_notes | 4.2 | cpe:2.3:a:ibm:lotus_notes:4.2:*:*:*:*:*:*:* |
| ibm | lotus_notes | 4.2.1 | cpe:2.3:a:ibm:lotus_notes:4.2.1:*:*:*:*:*:*:* |
| ibm | lotus_notes | 4.2.2 | cpe:2.3:a:ibm:lotus_notes:4.2.2:*:*:*:*:*:*:* |
| ibm | lotus_notes | 4.5 | cpe:2.3:a:ibm:lotus_notes:4.5:*:*:*:*:*:*:* |
| ibm | lotus_notes | 4.6 | cpe:2.3:a:ibm:lotus_notes:4.6:*:*:*:*:*:*:* |
References
secunia.com/advisories/44624
securityreason.com/securityalert/8263
www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow
www.ibm.com/support/docview.wss?uid=swg21500034
www.securityfocus.com/archive/1/518120/100/0/threaded
www.securityfocus.com/bid/47962
exchange.xforce.ibmcloud.com/vulnerabilities/67619
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203
Related
prion
prion
Heap overflow
2011-05-31 20:55:00
securityvulns
securityvulns
CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow
2011-05-26 00:00:00
IBM Lotus Notes multiple security vulnerabilities
2011-05-26 00:00:00
cvelist
cvelist
CVE-2011-1512
2011-05-31 20:00:00
nvd
nvd
CVE-2011-1512
2011-05-31 20:55:02
kaspersky
kaspersky
KLA10202 ACE vulnerabilities in IBM Lotus Notes
2011-05-31 00:00:00
openvas
openvas
IBM Lotus Notes File Viewers Multiple BOF Vulnerabilities (Windows)
2011-06-07 00:00:00
IBM Lotus Notes File Viewers Multiple BOF Vulnerabilities - Windows
2011-06-07 00:00:00
nessus
nessus
IBM Lotus Notes Attachment Handling Multiple Buffer Overflows
2011-05-31 00:00:00
symantec
symantec
Multi-Vendor Autonomy Verity Keyview Filter Multiple Issues
2011-10-06 08:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.9
Confidence
Low
EPSS
0.084
Percentile
94.4%
Related for CVE-2011-1512