Overview
- Description
- Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 9.2
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:N
Weaknesses
- nvd@nist.gov
- CWE-119
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1D5D749-546A-4655-A0BF-0A2D4E9F51A1"
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E234AD1-7202-421E-82C8-880E84876021"
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC"
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5"
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "692E295E-E650-42D5-AF7A-D6276C3D76E0"
}
],
"operator": "OR"
}
]
}
]