CVE-2008-4564

Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.

Link	Resource
http://secunia.com/advisories/34307	Vendor Advisory
http://www.securityfocus.com/bid/34086
http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573	Vendor Advisory
https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html
http://www.vupen.com/english/advisories/2009/0744	Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774
http://www.symantec.com/avcenter/security/Content/2009.03.17a.html	Vendor Advisory
http://securitytracker.com/id?1021856
http://securitytracker.com/id?1021857
http://secunia.com/advisories/34318
http://www.vupen.com/english/advisories/2009/0756
http://secunia.com/advisories/34355
http://www.vupen.com/english/advisories/2009/0757
http://secunia.com/advisories/34303
http://osvdb.org/52713
http://www.securitytracker.com/id?1021859
http://www.kb.cert.org/vuls/id/276563	US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/49284

Configuration 1

cpe:2.3:a:symantec:data_loss_prevention_detection_servers:7.0:*:*:*:*:*:*:* cpe:2.3:a:autonomy:keyview_filter_sdk:10.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.5.5:*:fp3:*:*:*:*:* cpe:2.3:a:symantec:mail_security:7.5..4.29:*:domino:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:* cpe:2.3:a:autonomy:keyview_filter_sdk:9.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.5.5:*:fp2:*:*:*:*:* cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:* cpe:2.3:a:autonomy:keyview_filter_sdk:*:*:*:*:*:*:*:* cpe:2.3:a:symantec:mail_security:6.0.7:microsoft_exchange:*:*:*:*:*:* cpe:2.3:a:autonomy:keyview_export_sdk:10.3:*:*:*:*:*:*:* cpe:2.3:a:symantec:enforce:8.1:*:windows:*:*:*:*:* cpe:2.3:a:autonomy:keyview_export_sdk:10:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:autonomy:keyview_filter_sdk:10:*:*:*:*:*:*:* cpe:2.3:a:autonomy:keyview_viewer_sdk:*:*:*:*:*:*:*:* cpe:2.3:a:symantec:mail_security:6.0.6:microsoft_exchange:*:*:*:*:*:* cpe:2.3:a:autonomy:keyview_viewer_sdk:2.0:*:*:*:*:*:*:* cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1:*:linux:*:*:*:*:* cpe:2.3:a:symantec:enforce:8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.5.6:*:*:*:*:*:*:* cpe:2.3:a:symantec:mail_security:5.0.1.181:*:smtp:*:*:*:*:* cpe:2.3:a:symantec:mail_security:7.5.3.25:*:domino:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:* cpe:2.3:a:autonomy:keyview_viewer_sdk:10.3:*:*:*:*:*:*:* cpe:2.3:a:autonomy:keyview_viewer_sdk:10:*:*:*:*:*:*:* cpe:2.3:a:autonomy:keyview_export_sdk:*:*:*:*:*:*:*:* cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.1:*:*:*:*:*:*:* cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1:*:windows:*:*:*:*:* cpe:2.3:a:symantec:mail_security:5.0.11:*:microsoft_exchange:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:autonomy:keyview_export_sdk:9.2.0:*:*:*:*:*:*:* cpe:2.3:a:symantec:mail_security:5.0.0.24:*:appliance:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.5.6:*:fp2:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:symantec:mail_security:5.0.1.182:*:smtp:*:*:*:*:* cpe:2.3:a:symantec:mail_security:7.5.5.32:*:domino:*:*:*:*:* cpe:2.3:a:symantec:mail_security:5.0.1.200:*:smtp:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:7.0.2:*:fp1:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:* cpe:2.3:a:symantec:enforce:7.0:*:*:*:*:*:*:* cpe:2.3:a:symantec:enforce:8.1:*:linux:*:*:*:*:* cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:symantec:mail_security:5.0.1.189:*:smtp:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:* cpe:2.3:a:symantec:mail_security:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:autonomy:keyview_filter_sdk:2.0:*:*:*:*:*:*:* cpe:2.3:a:autonomy:keyview_viewer_sdk:9.2.0:*:*:*:*:*:*:* cpe:2.3:a:symantec:mail_security:5.0:*:appliance:*:*:*:*:* cpe:2.3:a:symantec:altiris_deployment_solution:*:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:* cpe:2.3:a:symantec:mail_security:5.0.10:*:microsoft_exchange:*:*:*:*:* cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:* cpe:2.3:a:symantec:brightmail:5.0:*:appliance:*:*:*:*:* cpe:2.3:a:autonomy:keyview_export_sdk:2.0:*:*:*:*:*:*:*

---

Published : 2009-03-18 03:30

Updated : 2017-08-08 01:32

---

NVD link : CVE-2008-4564

Mitre link : CVE-2008-4564

Altiris Deployment Solution

Symantec

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer