CVE-2009-3037

high

Description

Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.

References

http://www.vupen.com/english/advisories/2009/2389

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00

http://www.securityfocus.com/bid/36124

http://www.securityfocus.com/bid/36042

http://www-01.ibm.com/support/docview.wss?uid=swg21396492

http://secunia.com/advisories/36474

http://secunia.com/advisories/36472

Details

Source: Mitre, NVD

Published: 2009-09-01

Updated: 2013-02-07

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High