製品・ソフトウェアに関する情報

JVN脆弱性詳細

IBM Lotus Notes の xlssr.dll におけるヒープベースのバッファオーバーフローの脆弱性

Title	IBM Lotus Notes の xlssr.dll におけるヒープベースのバッファオーバーフローの脆弱性
Summary	IBM Lotus Notes の Autonomy KeyView 内にある xlssr.dll には、ヒープベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、.xls Excel スプレッドシート内の不正な形式の BIFF レコードを介して、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 24, 2011, midnight
Registration Date	June 9, 2011, 10:31 a.m.
Last Update	Aug. 16, 2011, 11:26 a.m.

CVSS2.0 : 危険
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected System

IBM

IBM Notes 8.5.2 FP3 未満

シマンテック

Symantec Brightmail Gateway および Symantec Messaging Gateway 9.5.1 未満

Symantec Data Loss Prevention Endpoint Agents 10.x およびそれ以前

Symantec Data Loss Prevention Endpoint Agents 11.1.1 未満の 11.x

Symantec Data Loss Prevention Enforce/Detection Servers (linux) 10.x およびそれ以前

Symantec Data Loss Prevention Enforce/Detection Servers (linux) 11.1.1 未満の 11.x

Symantec Data Loss Prevention Enforce/Detection Servers (windows) 10.x およびそれ以前

Symantec Data Loss Prevention Enforce/Detection Servers (windows) 11.1.1 未満の 11.x

Symantec Mail Security (domino) (SMSDOM) 8.0.9 未満の 8.x

Symantec Mail Security (domino) 7.5.12 未満の 7.5.x

Symantec Mail Security (exchange) 6.5.6 未満、または 6.0.13 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-1512	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1512
National Vulnerability Database (NVD)
2	CVE-2011-1512	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1512

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
IBM
1	8.5.2 FP3	http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/b23767bb4ff78657852578d1005f85b8?OpenDocument
2	853	http://www-10.lotus.com/ldd/r5fixlist.nsf/%28Progress%29/853
IBM Support Document
3	1500034	http://www-01.ibm.com/support/docview.wss?uid=swg21500034
4	1508247	http://www-01.ibm.com/support/docview.wss?uid=swg21508247
IBM サポート & ダウンロード
5	1500807	http://www-01.ibm.com/support/docview.wss?uid=swg21500807
Symantec Security Advisory
6	SYM11-013	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20111006_00
シマンテックセキュリティ・アドバイザリー
7	SYM11-013	http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20111006_00

その他

No	Name	URL
ISS X-Force Database
1	67619	http://xforce.iss.net/xforce/xfdb/67619
Secunia Advisory
2	SA44624	http://secunia.com/advisories/44624
SecurityFocus
3	48017	http://www.securityfocus.com/bid/48017

Change Log

No	Changed Details	Date of change
0	[2011年06月09日] 掲載 [2011年07月20日] ベンダ情報：IBM (1500807) を追加 [2011年08月16日] ベンダ情報：IBM (1508247) を追加 [2012年08月01日] 影響を受けるシステム：シマンテック (SYM11-013) の情報を追加ベンダ情報：シマンテック (SYM11-013) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-1512

Summary	Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.
Publication Date	June 1, 2011, 5:55 a.m.
Registration Date	Jan. 28, 2021, 4:38 p.m.
Last Update	Nov. 21, 2024, 10:26 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:lotus_notes:5.0.1:::::::*
cpe:2.3:a:autonomy:keyview::::::::
cpe:2.3:a:ibm:lotus_notes:4.6:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.2.1:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.6a:::::::*
cpe:2.3:a:ibm:lotus_notes:4.2.1:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2.6:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.4.0:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.2:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.5.01:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.1.02:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.1:cf3::::::
cpe:2.3:a:ibm:lotus_notes:6.0.2.2:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.1.1:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.9:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.5.2:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.0.1:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.5.02:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.4a:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.5.1:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2.0:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.1.3:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.4:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.6.2:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2.5:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.1:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.1:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.1.2:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.2.2:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.1.4:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.1a:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.2b:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.2c:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.6:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.6.1:::::::*
cpe:2.3:a:ibm:lotus_notes:5.02:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.3:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.2.3:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.4.1:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.6:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2.1:::::::*
cpe:2.3:a:ibm:lotus_notes:4.6.7a:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.0:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.1:::::::*
cpe:2.3:a:ibm:lotus_notes:4.6.7h:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.12:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.2.1:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.2:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2.3:::::::*
cpe:2.3:a:ibm:lotus_notes:4.2:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.4:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.1b:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.2:cf1::::::
cpe:2.3:a:ibm:lotus_notes:6.0.4:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.2.0:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.3.1:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.4:::::::*
cpe:2.3:a:ibm:lotus_notes:4.2.2:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.2a:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2.4:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.1:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.3:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.5:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.5.3:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.1c:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.4.3:::::::*
cpe:2.3:a:ibm:lotus_notes:3.0.0.2:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.0.0:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.4.1:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.11:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.1.1:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.1:cf2::::::
cpe:2.3:a:ibm:lotus_notes:5.0.2:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.1.0:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.6.3:::::::*
cpe:2.3:a:ibm:lotus_notes:3.0.0.1:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0a:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.2:cf2::::::
cpe:2.3:a:ibm:lotus_notes:5.0.6a.01:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.5:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.4.2:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.8:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.1.5:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.1:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.0:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.7a:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.4.2:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.3:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2.2:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.10:::::::*
cpe:2.3:a:ibm:lotus_notes::::::::		8.5.2.2
cpe:2.3:a:ibm:lotus_notes:5.0.7:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.3.1:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.3:::::::*
cpe:2.3:a:ibm:lotus_notes:3.0:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.9a:::::::*
cpe:2.3:a:ibm:lotus_notes:4.5:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.2:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.5:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.1:cf1::::::

Related information, measures and tools

No	URL	タグ
1	http://secunia.com/advisories/44624	Vendor Advisory
2	http://securityreason.com/securityalert/8263
3	http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow	Exploit
4	http://www.ibm.com/support/docview.wss?uid=swg21500034
5	http://www.securityfocus.com/archive/1/518120/100/0/threaded
6	http://www.securityfocus.com/bid/47962
7	https://exchange.xforce.ibmcloud.com/vulnerabilities/67619
8	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203
9	http://secunia.com/advisories/44624	Vendor Advisory
10	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/67619
12	http://www.securityfocus.com/bid/47962
13	http://www.securityfocus.com/archive/1/518120/100/0/threaded
14	http://www.ibm.com/support/docview.wss?uid=swg21500034
15	http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow	Exploit
16	http://securityreason.com/securityalert/8263

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:lotus_notes:5.0.1:::::::*
cpe:2.3:a:autonomy:keyview::::::::
cpe:2.3:a:ibm:lotus_notes:4.6:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.2.1:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.6a:::::::*
cpe:2.3:a:ibm:lotus_notes:4.2.1:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2.6:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.4.0:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.2:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.5.01:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.1.02:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.1:cf3::::::
cpe:2.3:a:ibm:lotus_notes:6.0.2.2:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.1.1:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.9:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.5.2:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.0.1:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.5.02:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.4a:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.5.1:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2.0:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.1.3:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.4:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.6.2:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2.5:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.1:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.1:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.1.2:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.2.2:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.1.4:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.1a:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.2b:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.2c:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.6:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.6.1:::::::*
cpe:2.3:a:ibm:lotus_notes:5.02:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.3:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.2.3:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.4.1:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.6:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2.1:::::::*
cpe:2.3:a:ibm:lotus_notes:4.6.7a:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.0:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.1:::::::*
cpe:2.3:a:ibm:lotus_notes:4.6.7h:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.12:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.2.1:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.2:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2.3:::::::*
cpe:2.3:a:ibm:lotus_notes:4.2:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.4:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.1b:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.2:cf1::::::
cpe:2.3:a:ibm:lotus_notes:6.0.4:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.2.0:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.3.1:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.4:::::::*
cpe:2.3:a:ibm:lotus_notes:4.2.2:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.2a:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2.4:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.1:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.3:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.5:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.5.3:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.1c:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.4.3:::::::*
cpe:2.3:a:ibm:lotus_notes:3.0.0.2:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.0.0:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.4.1:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.11:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.1.1:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.1:cf2::::::
cpe:2.3:a:ibm:lotus_notes:5.0.2:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.1.0:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.6.3:::::::*
cpe:2.3:a:ibm:lotus_notes:3.0.0.1:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0a:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.2:cf2::::::
cpe:2.3:a:ibm:lotus_notes:5.0.6a.01:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.5:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.4.2:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.8:::::::*
cpe:2.3:a:ibm:lotus_notes:8.5.1.5:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.1:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.0:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.7a:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.4.2:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.3:::::::*
cpe:2.3:a:ibm:lotus_notes:8.0.2.2:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.10:::::::*
cpe:2.3:a:ibm:lotus_notes::::::::		8.5.2.2
cpe:2.3:a:ibm:lotus_notes:5.0.7:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.3.1:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.3:::::::*
cpe:2.3:a:ibm:lotus_notes:3.0:::::::*
cpe:2.3:a:ibm:lotus_notes:5.0.9a:::::::*
cpe:2.3:a:ibm:lotus_notes:4.5:::::::*
cpe:2.3:a:ibm:lotus_notes:7.0.2:::::::*
cpe:2.3:a:ibm:lotus_notes:6.5.5:::::::*
cpe:2.3:a:ibm:lotus_notes:6.0.1:cf1::::::