CVE-2009-3037

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.3CRITICAL

EPSS

18.5%

top 4.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Lotus Notes Symantec Brightmail Appliance Symantec Data Loss Prevention Detection Servers +3 more

Timeline

PublishedSep 1

Latest updateMay 2

Description

Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages6 packages

▶NVDsymantec/brightmail_appliance5.0, 8.0.0, 8.0.1+2

▶NVDsymantec/mail_security_appliance5.0, 5.0.0.24, 5.0.0.36+2

▶NVDsymantec/data_loss_prevention_endpoint_agents8.1.1, 9.0.1+1

▶NVDsymantec/data_loss_prevention_detection_servers7.2, 8.1.1, 9.0.1+2

▶NVDsymantec/mail_security18 versions+17

Patches

Patch: www-01.ibm.com ↗Patch: www.vupen.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-wx8c-4976-gv57: Buffer overflow in xlssr↗2022-05-02

▶

CVEList

CVE-2009-3037: Buffer overflow in xlssr↗2009-09-01

▶