CVE-2009-3032

CWE-1893 documents3 sources

Severity

10.0CRITICAL

EPSS

1.9%

top 16.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Lotus Notes Symantec Brightmail Gateway Symantec Data Loss Prevention Detection Servers +2 more

Timeline

PublishedMar 5

Latest updateMay 2

Description

Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶NVDsymantec/mail_security19 versions+18

▶NVDibm/lotus_notes8.5

▶NVDsymantec/brightmail_gateway8.0

▶NVDsymantec/data_loss_prevention_endpoint_agents10.0, 8.1.1, 9.0.1+2

▶NVDsymantec/data_loss_prevention_detection_servers10.0, 8.1.1, 9.0.1+2

🔴Vulnerability Details

GHSA

GHSA-xpw9-59vc-m8w9: Integer overflow in kvolefio↗2022-05-02

▶

CVEList

CVE-2009-3032: Integer overflow in kvolefio↗2010-03-05

▶