CVE-2010-0126

Autonomy KeyView 10.4 and 10.9 - Heap-Based Buffer Overflow via Crafted Compound File

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted compound file, as demonstrated using a Quattro Pro file, which is not properly handled by the Quattro speed reader (qpssr.dll).

References (4)

Core 4
Core References
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2010-16/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41928
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21440812

Scores

EPSS 0.0397
EPSS Percentile 89.3%

Details

CWE
CWE-119
Status published
Products (6)
autonomy/keyview_export_sdk 10.4
autonomy/keyview_export_sdk 10.9
autonomy/keyview_filter_sdk 10.4
autonomy/keyview_filter_sdk 10.9
autonomy/keyview_viewer_sdk 10.4
autonomy/keyview_viewer_sdk 10.9
Published Aug 17, 2010
Tracked Since Feb 18, 2026