Vulnerabilities > CVE-2009-3032 - Numeric Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows |
NASL id | SYMANTEC_IM_MGR_KEYVIEW_OLE_OVERFLOW.NASL |
description | A version of Symantec IM Manager 8.x earlier than 8.3.14 is installed on the remote Windows host. Such versions may be affected by one or both of the following vulnerabilities : - An integer overflow vulnerability in the third-party Autonomy KeyView module can be triggered when parsing a specially crafted OLE document and lead to a heap overflow and execution of arbitrary code. (CVE-2009-3032) - The IM Manager console fails to properly filter user input from non-privileged users with authorized access to the console, which can be exploited to inject arbitrary HTML or script code into a user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45018 |
published | 2010-03-09 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/45018 |
title | Symantec IM Manager 8.x < 8.3.14 (SYM10-005 and SYM10-006) |
code |
|
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=858
- http://www.securityfocus.com/bid/38468
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100304_00
- http://www-01.ibm.com/support/docview.wss?uid=swg21440812