Buffer overflow in Autonomy Keyview

CVE-2011-1512

Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3…

Vulnerability class: Buffer Overflow

EPSS: 0.216 (95.8th percentile) — read the EPSS interpretation.

Affected products

Autonomy Keyview
Ibm Lotus_notes — versions 3.0, 3.0.0.1, 3.0.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_CONFIRM)
47962 (vdb-entry, x_refsource_BID)
20110524 CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow (mailing-list, x_refsource_BUGTRAQ)
44624 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (Exploit, x_refsource_MISC)
8263 (x_refsource_SREASON, third-party-advisory)
oval:org.mitre.oval:def:14203 (x_refsource_OVAL, signature, vdb-entry)
lotus-notes-xlssr-bo(67619) (vdb-entry, x_refsource_XF)