CVE-2009-3037 : Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes

Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.

Published 2009-09-01 16:30:01

Updated 2013-02-07 04:21:30

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2009-3037

Probability of exploitation activity in the next 30 days: 29.81%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-3037

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-3037

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-3037

Products affected by CVE-2009-3037

IBM » Lotus Notes » Version: 5.0.1
cpe:2.3:a:ibm:lotus_notes:5.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.2
cpe:2.3:a:ibm:lotus_notes:5.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0
cpe:2.3:a:ibm:lotus_notes:5.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.3
cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.4
cpe:2.3:a:ibm:lotus_notes:5.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.10
cpe:2.3:a:ibm:lotus_notes:5.0.10:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.11
cpe:2.3:a:ibm:lotus_notes:5.0.11:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.5
cpe:2.3:a:ibm:lotus_notes:5.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.9a
cpe:2.3:a:ibm:lotus_notes:5.0.9a:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.3
cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5
cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.1
cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0
cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.1
cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.2
cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.5
cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.2
cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.0.4
cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.3
cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.4
cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.5
cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.0
cpe:2.3:a:ibm:lotus_notes:7.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.1
cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0
cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.12
cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.2
cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.3
cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.0
cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.0.1
cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.0.0
cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.6
cpe:2.3:a:ibm:lotus_notes:6.5.6:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.5 FP3 Edition
cpe:2.3:a:ibm:lotus_notes:6.5.5:*:fp3:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.5 FP2 Edition
cpe:2.3:a:ibm:lotus_notes:6.5.5:*:fp2:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 7.0.2 FP1 Edition
cpe:2.3:a:ibm:lotus_notes:7.0.2:*:fp1:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 6.5.6 FP2 Edition
cpe:2.3:a:ibm:lotus_notes:6.5.6:*:fp2:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 8.5
cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.02
cpe:2.3:a:ibm:lotus_notes:5.02:*:*:*:*:*:*:*
Matching versions
IBM » Lotus Notes » Version: 5.0.6
cpe:2.3:a:ibm:lotus_notes:5.0.6:*:*:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 5.0.1 Smtp Edition
cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 5.0 Smtp Edition
cpe:2.3:a:symantec:mail_security:5.0:*:smtp:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 5.0.0 Smtp Edition
cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 7.5.3.25 Domino Edition
cpe:2.3:a:symantec:mail_security:7.5.3.25:*:domino:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 5.0.11 Microsoft Exchange Edition
cpe:2.3:a:symantec:mail_security:5.0.11:*:microsoft_exchange:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 5.0.10 Microsoft Exchange Edition
cpe:2.3:a:symantec:mail_security:5.0.10:*:microsoft_exchange:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 7.5.5.32 Domino Edition
cpe:2.3:a:symantec:mail_security:7.5.5.32:*:domino:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 5.0.1.181 Smtp Edition
cpe:2.3:a:symantec:mail_security:5.0.1.181:*:smtp:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 5.0.1.182 Smtp Edition
cpe:2.3:a:symantec:mail_security:5.0.1.182:*:smtp:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 5.0.1.189 Smtp Edition
cpe:2.3:a:symantec:mail_security:5.0.1.189:*:smtp:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 5.0.1.200 Smtp Edition
cpe:2.3:a:symantec:mail_security:5.0.1.200:*:smtp:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 7.5.4.29 Domino Edition
cpe:2.3:a:symantec:mail_security:7.5.4.29:*:domino:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 6.0.6 Microsoft Exchange Edition
cpe:2.3:a:symantec:mail_security:6.0.6:*:microsoft_exchange:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 5.0.12 Microsoft Exchange Edition
cpe:2.3:a:symantec:mail_security:5.0.12:*:microsoft_exchange:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 7.5.6 Domino Edition
cpe:2.3:a:symantec:mail_security:7.5.6:*:domino:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 6.0.7 Microsoft Exchange Edition
cpe:2.3:a:symantec:mail_security:6.0.7:*:microsoft_exchange:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 6.0.8 Microsoft Exchange Edition
cpe:2.3:a:symantec:mail_security:6.0.8:*:microsoft_exchange:*:*:*:*:*
Matching versions
Symantec » Mail Security » Version: 8.0 Domino Edition
cpe:2.3:a:symantec:mail_security:8.0:*:domino:*:*:*:*:*
Matching versions
Symantec » Mail Security Appliance » Version: 5.0
cpe:2.3:a:symantec:mail_security_appliance:5.0:*:*:*:*:*:*:*
Matching versions
Symantec » Mail Security Appliance » Version: 5.0.0.36
cpe:2.3:a:symantec:mail_security_appliance:5.0.0.36:*:*:*:*:*:*:*
Matching versions
Symantec » Mail Security Appliance » Version: 5.0.0.24
cpe:2.3:a:symantec:mail_security_appliance:5.0.0.24:*:*:*:*:*:*:*
Matching versions
Symantec » Data Loss Prevention Detection Servers » Version: 8.1.1 Linux Edition
cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1.1:*:linux:*:*:*:*:*
Matching versions
Symantec » Data Loss Prevention Detection Servers » Version: 8.1.1 Windows Edition
cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1.1:*:windows:*:*:*:*:*
Matching versions
Symantec » Data Loss Prevention Detection Servers » Version: 9.0.1 Linux Edition
cpe:2.3:a:symantec:data_loss_prevention_detection_servers:9.0.1:*:linux:*:*:*:*:*
Matching versions
Symantec » Data Loss Prevention Detection Servers » Version: 9.0.1 Windows Edition
cpe:2.3:a:symantec:data_loss_prevention_detection_servers:9.0.1:*:windows:*:*:*:*:*
Matching versions
Symantec » Data Loss Prevention Detection Servers » Version: 7.2
cpe:2.3:a:symantec:data_loss_prevention_detection_servers:7.2:*:*:*:*:*:*:*
Matching versions
Symantec » Data Loss Prevention Endpoint Agents » Version: 9.0.1
cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:9.0.1:*:*:*:*:*:*:*
Matching versions
Symantec » Data Loss Prevention Endpoint Agents » Version: 8.1.1
cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.1.1:*:*:*:*:*:*:*
Matching versions
Symantec » Brightmail Appliance » Version: 5.0
cpe:2.3:a:symantec:brightmail_appliance:5.0:*:*:*:*:*:*:*
Matching versions
Symantec » Brightmail Appliance » Version: 8.0.1
cpe:2.3:a:symantec:brightmail_appliance:8.0.1:*:*:*:*:*:*:*
Matching versions
Symantec » Brightmail Appliance » Version: 8.0.0
cpe:2.3:a:symantec:brightmail_appliance:8.0.0:*:*:*:*:*:*:*
Matching versions
Autonomy » Keyview
cpe:2.3:a:autonomy:keyview:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2009-3037

Exploit prediction scoring system (EPSS) score for CVE-2009-3037

CVSS scores for CVE-2009-3037

CWE ids for CVE-2009-3037

References for CVE-2009-3037

Products affected by CVE-2009-3037