Critical

CVE-2008-4564 - Buffer Errors vulnerability in multiple products

Publication: 2009-03-18
Summary

Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.

Classification
CWE-119: Buffer Errors

Risk level (CVSS 9.3)

Critical

9.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Autonomy Keyview Export SDK 2.0
  • Autonomy Keyview Filter SDK 2.0
  • Autonomy Keyview Viewer SDK 2.0
  • Symantec Mail Security 5.0.0
  • Symantec Brightmail 5.0
  • Symantec Mail Security 5.0.0
  • Symantec Mail Security 5.0.0.24
  • Symantec Mail Security 5.0
  • Symantec Mail Security 5.0.1.182
  • Symantec Mail Security 5.0.1.181
  • Symantec Mail Security 5.0.1
  • Symantec Mail Security 5.0.1.200
  • Symantec Mail Security 5.0.1.189
  • IBM Lotus Notes 5.0.3
  • Symantec Mail Security 5.0.10
  • Symantec Mail Security 5.0.11
  • IBM Lotus Notes 5.0.12
  • IBM Lotus Notes 6.0
  • IBM Lotus Notes 6.0.1
  • IBM Lotus Notes 6.0.2
  • IBM Lotus Notes 6.0.3
  • IBM Lotus Notes 6.0.4
  • IBM Lotus Notes 6.0.5
  • Symantec Mail Security 6.0.6
  • Symantec Mail Security 6.0.7
  • IBM Lotus Notes 6.5
  • IBM Lotus Notes 6.5.1
  • IBM Lotus Notes 6.5.2
  • IBM Lotus Notes 6.5.3
  • IBM Lotus Notes 6.5.4
  • IBM Lotus Notes 6.5.5
  • IBM Lotus Notes 6.5.5
  • IBM Lotus Notes 6.5.5
  • IBM Lotus Notes 6.5.6
  • IBM Lotus Notes 6.5.6
  • Symantec Enforce 7.0
  • Symantec Data Loss Prevention Detection Servers 7.0
  • IBM Lotus Notes 7.0
  • Symantec Altiris Deployment Solution
  • IBM Lotus Notes 7.0.1
  • IBM Lotus Notes 7.0.2
  • IBM Lotus Notes 7.0.2
  • IBM Lotus Notes 7.0.3
  • Symantec Mail Security 7.5..4.29
  • Symantec Mail Security 7.5.3.25
  • Symantec Mail Security 7.5.5.32
  • IBM Lotus Notes 8.0
  • Symantec Data Loss Prevention Detection Servers 8.0
  • Symantec Enforce 8.0
  • Symantec Data Loss Prevention Endpoint Agents 8.0
  • Symantec Data Loss Prevention Detection Servers 8.1
  • Symantec Enforce 8.1
  • Symantec Data Loss Prevention Endpoint Agents 8.1
  • Symantec Data Loss Prevention Detection Servers 8.1
  • Symantec Enforce 8.1
  • Autonomy Keyview Export SDK 9.2.0
  • Autonomy Keyview Viewer SDK 9.2.0
  • Autonomy Keyview Filter SDK 9.2.0
  • Autonomy Keyview Filter SDK 10
  • Autonomy Keyview Viewer SDK 10
  • Autonomy Keyview Export SDK 10
  • Autonomy Keyview Filter SDK 10.3
  • Autonomy Keyview Export SDK 10.3
  • Autonomy Keyview Viewer SDK 10.3
  • Autonomy Keyview Export SDK 10.4
  • Autonomy Keyview Filter SDK 10.4
  • Autonomy Keyview Viewer SDK 10.4