CVE-2009-3037
IBM Lotus Notes 5.x-8.5.x - Remote Code Execution via Crafted XLS Spreadsheet
Title source: llmDescription
Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.
References (7)
Core 7
Core References
Third Party Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2389
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36042
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36472
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36474
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21396492
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36124
Scores
EPSS
0.1849
EPSS Percentile
95.3%
Details
CWE
CWE-119
Status
published
Products (44)
autonomy/keyview
ibm/lotus_notes
5.0
ibm/lotus_notes
5.0.1
ibm/lotus_notes
5.0.2
ibm/lotus_notes
5.0.3
ibm/lotus_notes
5.0.4
ibm/lotus_notes
5.0.5
ibm/lotus_notes
5.0.6
ibm/lotus_notes
5.0.9a
ibm/lotus_notes
5.0.10
... and 34 more
Published
Sep 01, 2009
Tracked Since
Feb 18, 2026