CVE-2008-4564

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.3CRITICAL

EPSS

50.8%

top 2.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autonomy Keyview Export SDK Autonomy Keyview Filter SDK Autonomy Keyview Viewer SDK +6 more

Timeline

PublishedMar 18

Latest updateMay 2

Description

Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages9 packages

▶NVDsymantec/data_loss_prevention_endpoint_agents8.0, 8.1+1

▶NVDsymantec/data_loss_prevention_detection_servers7.0, 8.0, 8.1+2

▶NVDsymantec/brightmail5.0

▶NVDsymantec/mail_security15 versions+14

▶NVDsymantec/enforce7.0, 8.0, 8.1+2

🔴Vulnerability Details

GHSA

GHSA-6p66-f3jg-vmhh: Stack-based buffer overflow in wp6sr↗2022-05-02

▶

CVEList

CVE-2008-4564: Stack-based buffer overflow in wp6sr↗2009-03-18

▶