CVE-2009-3032
IBM Lotus Notes 8.5 - Remote Code Execution via Crafted OLE Document
Title source: llmDescription
Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100304_00
Exploit third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=858
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21440812
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38468
Scores
EPSS
0.0190
EPSS Percentile
83.5%
Details
CWE
CWE-189
Status
published
Products (28)
ibm/lotus_notes
8.5
symantec/brightmail_gateway
8.0
symantec/data_loss_prevention_detection_servers
8.1.1 (2 CPE variants)
symantec/data_loss_prevention_detection_servers
9.0.1 (2 CPE variants)
symantec/data_loss_prevention_detection_servers
10.0 (2 CPE variants)
symantec/data_loss_prevention_endpoint_agents
8.1.1
symantec/data_loss_prevention_endpoint_agents
9.0.1
symantec/data_loss_prevention_endpoint_agents
10.0
symantec/im_manager_2007
symantec/mail_security
5.0.0
... and 18 more
Published
Mar 05, 2010
Tracked Since
Feb 18, 2026