Vulnerability Description
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Autonomy | Keyview Export Sdk | <= 10.4 |
| Autonomy | Keyview Filter Sdk | <= 10.4 |
| Autonomy | Keyview Viewer Sdk | <= 10.4 |
| Ibm | Lotus Notes | 5.0.3 |
| Symantec | Altiris Deployment Solution | All versions |
| Symantec | Brightmail | 5.0 |
| Symantec | Data Loss Prevention Detection Servers | 7.0 |
| Symantec | Data Loss Prevention Endpoint Agents | 8.0 |
| Symantec | Enforce | 7.0 |
| Symantec | Mail Security | 5.0 |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774
- http://osvdb.org/52713
- http://secunia.com/advisories/34303
- http://secunia.com/advisories/34307Vendor Advisory
- http://secunia.com/advisories/34318
- http://secunia.com/advisories/34355
- http://securitytracker.com/id?1021856
- http://securitytracker.com/id?1021857
- http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573Vendor Advisory
- http://www.kb.cert.org/vuls/id/276563US Government Resource
- http://www.securityfocus.com/bid/34086
- http://www.securitytracker.com/id?1021859
- http://www.symantec.com/avcenter/security/Content/2009.03.17a.htmlVendor Advisory
- http://www.vupen.com/english/advisories/2009/0744Vendor Advisory
- http://www.vupen.com/english/advisories/2009/0756
FAQ
What is CVE-2008-4564?
CVE-2008-4564 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Sy...
How severe is CVE-2008-4564?
CVE-2008-4564 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4564?
Check the references section above for vendor advisories and patch information. Affected products include: Autonomy Keyview Export Sdk, Autonomy Keyview Filter Sdk, Autonomy Keyview Viewer Sdk, Ibm Lotus Notes, Symantec Altiris Deployment Solution.