CVE-2010-0134

CWE-189 | 3 documents | 3 sources
Severity: 9.3 CRITICAL
EPSS: 4.3% (top 11.06%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 17; latest update May 2

Description

Integer signedness error in rtfsr.dll in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted \ls keyword in a list override table entry in an RTF file, which triggers a buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (3 packages)

NVD: autonomy/keyview_export_sdk 10.4, 10.9 (+1)
NVD: autonomy/keyview_filter_sdk 10.4, 10.9 (+1)
NVD: autonomy/keyview_viewer_sdk 10.4, 10.9 (+1)

🔴 Vulnerability Details (2)

GHSA: GHSA-j2g9-p996-478m: Integer signedness error in rtfsr (2022-05-02)
CVEList: CVE-2010-0134: Integer signedness error in rtfsr (2010-08-17)
CVE-2010-0134 (CRITICAL CVSS 9.3) | Integer signedness error in rtfsr.d | cvebase.io