| Summary | Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow. |
|---|---|
| Publication Date | March 6, 2010, 4:30 a.m. |
| Registration Date | Jan. 29, 2021, 1:22 p.m. |
| Last Update | Feb. 7, 2013, 1:21 p.m. |
| CVSS2.0 : HIGH | |
| Score | 10.0 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| 攻撃元区分(AV) | ネットワーク |
| 攻撃条件の複雑さ(AC) | 低 |
| 攻撃前の認証要否(Au) | 不要 |
| 機密性への影響(C) | 高 |
| 完全性への影響(I) | 高 |
| 可用性への影響(A) | 高 |
| Get all privileges. | いいえ |
| Get user privileges | いいえ |
| Get other privileges | いいえ |
| User operation required | いいえ |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:brightmail_gateway:8.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1.1:*:linux:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1.1:*:windows:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:data_loss_prevention_detection_servers:9.0.1:*:linux:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:data_loss_prevention_detection_servers:9.0.1:*:windows:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:data_loss_prevention_detection_servers:10.0:*:linux:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:data_loss_prevention_detection_servers:10.0:*:windows:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.1.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:9.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:10.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:im_manager_2007:*:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:5.0.1.181:*:smtp:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:5.0.1.182:*:smtp:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:5.0.1.189:*:smtp:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:5.0.11:*:microsoft_exchange:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:5.0.12:*:microsoft_exchange:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:5.0.13:*:microsoft_exchange:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:6.0.6:*:microsoft_exchange:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:6.0.7:*:microsoft_exchange:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:6.0.8:*:microsoft_exchange:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:7.5.3.25:*:domino:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:7.5.4.29:*:domino:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:7.5.5.32:*:domino:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:7.5.6:*:domino:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:7.5.7:*:domino:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:7.5.8:*:domino:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:8.0:*:domino:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:8.0.1:*:domino:*:*:*:*:* | |||||
| cpe:2.3:a:symantec:mail_security:8.0.2:*:domino:*:*:*:*:* | |||||
| Title | Autonomy KeyView Filter SDK の kvolefio.dll における整数オーバーフローの脆弱性 |
|---|---|
| Summary | Autonomy KeyView Filter SDK の kvolefio.dll には、OLE ドキュメントの処理に不備があるため、整数オーバーフローの脆弱性が存在します。 |
| Possible impacts | 攻撃者により、巧妙に細工された OLE ドキュメントを介し、ヒープベースのバッファオーバーフローを誘発され、任意のコードを実行される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | March 5, 2010, midnight |
| Registration Date | Aug. 19, 2010, 6:22 p.m. |
| Last Update | Aug. 19, 2010, 6:22 p.m. |
| IBM |
| IBM Notes 6.5.x |
| IBM Notes 7.x |
| IBM Notes 8.0.2 FP4 未満 |
| IBM Notes 8.5.1 FP1 未満 |
| IBM Notes 8.5.2 未満 |
| シマンテック |
| Symantec BrightMail Gateway 8.x およびそれ以前 |
| Symantec Data Loss Prevention Endpoint Agents 10.0 |
| Symantec Data Loss Prevention Endpoint Agents 8.1.1 |
| Symantec Data Loss Prevention Endpoint Agents 9.x |
| Symantec Data Loss Prevention Enforce/Detection Servers (linux) 10.0 |
| Symantec Data Loss Prevention Enforce/Detection Servers (linux) 8.1.1 |
| Symantec Data Loss Prevention Enforce/Detection Servers (linux) 9.x |
| Symantec Data Loss Prevention Enforce/Detection Servers (windows) 10.0 |
| Symantec Data Loss Prevention Enforce/Detection Servers (windows) 8.1.1 |
| Symantec Data Loss Prevention Enforce/Detection Servers (windows) 9.x |
| Symantec IM Manager 2007 8.x |
| Symantec Mail Security (domino) 7.5.3.25 |
| Symantec Mail Security (domino) 7.5.4.29 |
| Symantec Mail Security (domino) 7.5.5.32 |
| Symantec Mail Security (domino) 7.5.6 |
| Symantec Mail Security (domino) 7.5.7 |
| Symantec Mail Security (domino) 7.5.8 |
| Symantec Mail Security (domino) 8.0 |
| Symantec Mail Security (domino) 8.0.1 |
| Symantec Mail Security (domino) 8.0.2 |
| Symantec Mail Security (exchange) 5.0.10 |
| Symantec Mail Security (exchange) 5.0.11 |
| Symantec Mail Security (exchange) 5.0.12 |
| Symantec Mail Security (exchange) 5.0.13 |
| Symantec Mail Security (exchange) 6.0.6 |
| Symantec Mail Security (exchange) 6.0.7 |
| Symantec Mail Security (exchange) 6.0.8 |
| Symantec Mail Security (exchange) 6.0.9 |
| Symantec Mail Security (smtp) (EOL) 5.0.x |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2010年08月19日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |