CVE-2009-3037
Summary
| CVE | CVE-2009-3037 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-09-01 16:30:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:M/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Autonomy | Keyview | All | All | All | All |
| Application | Ibm | Lotus Notes | 5.0 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.1 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.10 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.11 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.12 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.2 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.3 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.4 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.5 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.6 | All | All | All |
| Application | Ibm | Lotus Notes | 5.0.9a | All | All | All |
| Application | Ibm | Lotus Notes | 5.02 | All | All | All |
| Application | Ibm | Lotus Notes | 6.0 | All | All | All |
| Application | Ibm | Lotus Notes | 6.0.1 | All | All | All |
| Application | Ibm | Lotus Notes | 6.0.2 | All | All | All |
| Application | Ibm | Lotus Notes | 6.0.3 | All | All | All |
| Application | Ibm | Lotus Notes | 6.0.4 | All | All | All |
| Application | Ibm | Lotus Notes | 6.0.5 | All | All | All |
| Application | Ibm | Lotus Notes | 6.5 | All | All | All |
| Application | Ibm | Lotus Notes | 6.5.1 | All | All | All |
| Application | Ibm | Lotus Notes | 6.5.2 | All | All | All |
| Application | Ibm | Lotus Notes | 6.5.3 | All | All | All |
| Application | Ibm | Lotus Notes | 6.5.4 | All | All | All |
| Application | Ibm | Lotus Notes | 6.5.5 | All | All | All |
| Application | Ibm | Lotus Notes | 6.5.5 | All | fp2 | All |
| Application | Ibm | Lotus Notes | 6.5.5 | All | fp3 | All |
| Application | Ibm | Lotus Notes | 6.5.6 | All | All | All |
| Application | Ibm | Lotus Notes | 6.5.6 | All | fp2 | All |
| Application | Ibm | Lotus Notes | 7.0 | All | All | All |
| Application | Ibm | Lotus Notes | 7.0.0 | All | All | All |
| Application | Ibm | Lotus Notes | 7.0.1 | All | All | All |
| Application | Ibm | Lotus Notes | 7.0.2 | All | All | All |
| Application | Ibm | Lotus Notes | 7.0.2 | All | fp1 | All |
| Application | Ibm | Lotus Notes | 7.0.3 | All | All | All |
| Application | Ibm | Lotus Notes | 8.0 | All | All | All |
| Application | Ibm | Lotus Notes | 8.0.0 | All | All | All |
| Application | Ibm | Lotus Notes | 8.0.1 | All | All | All |
| Application | Ibm | Lotus Notes | 8.5 | All | All | All |
| Application | Symantec | Brightmail Appliance | 5.0 | All | All | All |
| Application | Symantec | Brightmail Appliance | 8.0.0 | All | All | All |
| Application | Symantec | Brightmail Appliance | 8.0.1 | All | All | All |
| Application | Symantec | Data Loss Prevention Detection Servers | 7.2 | All | All | All |
| Application | Symantec | Data Loss Prevention Detection Servers | 8.1.1 | All | linux | All |
| Application | Symantec | Data Loss Prevention Detection Servers | 8.1.1 | All | windows | All |
| Application | Symantec | Data Loss Prevention Detection Servers | 9.0.1 | All | linux | All |
| Application | Symantec | Data Loss Prevention Detection Servers | 9.0.1 | All | windows | All |
| Application | Symantec | Data Loss Prevention Endpoint Agents | 8.1.1 | All | All | All |
| Application | Symantec | Data Loss Prevention Endpoint Agents | 9.0.1 | All | All | All |
| Application | Symantec | Mail Security | 5.0 | All | smtp | All |
| Application | Symantec | Mail Security | 5.0.0 | All | smtp | All |
| Application | Symantec | Mail Security | 5.0.1 | All | smtp | All |
| Application | Symantec | Mail Security | 5.0.1.181 | All | smtp | All |
| Application | Symantec | Mail Security | 5.0.1.182 | All | smtp | All |
| Application | Symantec | Mail Security | 5.0.1.189 | All | smtp | All |
| Application | Symantec | Mail Security | 5.0.1.200 | All | smtp | All |
| Application | Symantec | Mail Security | 5.0.10 | All | microsoft_exchange | All |
| Application | Symantec | Mail Security | 5.0.11 | All | microsoft_exchange | All |
| Application | Symantec | Mail Security | 5.0.12 | All | microsoft_exchange | All |
| Application | Symantec | Mail Security | 6.0.6 | All | microsoft_exchange | All |
| Application | Symantec | Mail Security | 6.0.7 | All | microsoft_exchange | All |
| Application | Symantec | Mail Security | 6.0.8 | All | microsoft_exchange | All |
| Application | Symantec | Mail Security | 7.5.3.25 | All | domino | All |
| Application | Symantec | Mail Security | 7.5.4.29 | All | domino | All |
| Application | Symantec | Mail Security | 7.5.5.32 | All | domino | All |
| Application | Symantec | Mail Security | 7.5.6 | All | domino | All |
| Application | Symantec | Mail Security | 8.0 | All | domino | All |
| Application | Symantec | Mail Security Appliance | 5.0 | All | All | All |
| Application | Symantec | Mail Security Appliance | 5.0.0.24 | All | All | All |
| Application | Symantec | Mail Security Appliance | 5.0.0.36 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Autonomy KeyView Module Excel Document Processing Buffer Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| RETIRED: IBM Lotus Notes Keyview XLS File Viewer Remote Buffer Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Patch, Vendor Advisory |
| Security Advisories Relating to Symantec Products - Symantec Products Autonomy KeyView Module Vulnerability - August 25, 2009 | Symantec | af854a3a-2127-422b-91ae-364da2661108 | www.symantec.com | |
| Lotus Notes 6 Keyview XLS Processing Buffer Overflow Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Lotus Notes Keyview XLS Processing Buffer Overflow Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| IBM - Potential security issue with Lotus Notes file viewer for Microsoft Excel | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.