CVE-2009-3037

EUVD-2009-3021
Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
ibmlotus_notes
5.0
ibmlotus_notes
5.0.1
ibmlotus_notes
5.0.2
ibmlotus_notes
5.0.3
ibmlotus_notes
5.0.4
ibmlotus_notes
5.0.5
ibmlotus_notes
5.0.6
ibmlotus_notes
5.0.9a:a
ibmlotus_notes
5.0.10
ibmlotus_notes
5.0.11
ibmlotus_notes
5.0.12
ibmlotus_notes
5.02
ibmlotus_notes
6.0
ibmlotus_notes
6.0.1
ibmlotus_notes
6.0.2
ibmlotus_notes
6.0.3
ibmlotus_notes
6.0.4
ibmlotus_notes
6.0.5
ibmlotus_notes
6.5
ibmlotus_notes
6.5.1
ibmlotus_notes
6.5.2
ibmlotus_notes
6.5.3
ibmlotus_notes
6.5.4
ibmlotus_notes
6.5.5
ibmlotus_notes
6.5.5
ibmlotus_notes
6.5.5
ibmlotus_notes
6.5.6
ibmlotus_notes
6.5.6
ibmlotus_notes
7.0
ibmlotus_notes
7.0.0
ibmlotus_notes
7.0.1
ibmlotus_notes
7.0.2
ibmlotus_notes
7.0.2
ibmlotus_notes
7.0.3
ibmlotus_notes
8.0
ibmlotus_notes
8.0.0
ibmlotus_notes
8.0.1
ibmlotus_notes
8.5
symantecbrightmail_appliance
5.0
symantecbrightmail_appliance
8.0.0
symantecbrightmail_appliance
8.0.1
symantecdata_loss_prevention_detection_servers
7.2
symantecdata_loss_prevention_detection_servers
8.1.1
symantecdata_loss_prevention_detection_servers
8.1.1
symantecdata_loss_prevention_detection_servers
9.0.1
symantecdata_loss_prevention_detection_servers
9.0.1
symantecdata_loss_prevention_endpoint_agents
8.1.1
symantecdata_loss_prevention_endpoint_agents
9.0.1
symantecmail_security
5.0
symantecmail_security
5.0.0
symantecmail_security
5.0.1
symantecmail_security
5.0.1.181
symantecmail_security
5.0.1.182
symantecmail_security
5.0.1.189
symantecmail_security
5.0.1.200
symantecmail_security
5.0.10
symantecmail_security
5.0.11
symantecmail_security
5.0.12
symantecmail_security
6.0.6
symantecmail_security
6.0.7
symantecmail_security
6.0.8
symantecmail_security
7.5.3.25
symantecmail_security
7.5.4.29
symantecmail_security
7.5.5.32
symantecmail_security
7.5.6
symantecmail_security
8.0
symantecmail_security_appliance
5.0
symantecmail_security_appliance
5.0.0.24
symantecmail_security_appliance
5.0.0.36
autonomykeyview
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/36472
http://secunia.com/advisories/36474
http://www-01.ibm.com/support/docview.wss?uid=swg21396492
http://www.securityfocus.com/bid/36042
http://www.securityfocus.com/bid/36124
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00
http://www.vupen.com/english/advisories/2009/2389
http://secunia.com/advisories/36472
http://secunia.com/advisories/36474
http://www-01.ibm.com/support/docview.wss?uid=swg21396492
http://www.securityfocus.com/bid/36042
http://www.securityfocus.com/bid/36124
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00
http://www.vupen.com/english/advisories/2009/2389