Vulnerability Description
Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted compound file, as demonstrated using a Quattro Pro file, which is not properly handled by the Quattro speed reader (qpssr.dll).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Autonomy | Keyview Export Sdk | 10.4 |
| Autonomy | Keyview Filter Sdk | 10.4 |
| Autonomy | Keyview Viewer Sdk | 10.4 |
Related Weaknesses (CWE)
References
- http://secunia.com/secunia_research/2010-16/Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21440812
- http://www.securityfocus.com/bid/41928
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
- http://secunia.com/secunia_research/2010-16/Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21440812
- http://www.securityfocus.com/bid/41928
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
FAQ
What is CVE-2010-0126?
CVE-2010-0126 is a vulnerability with a CVSS score of 9.3 (HIGH). Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a c...
How severe is CVE-2010-0126?
CVE-2010-0126 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0126?
Check the references section above for vendor advisories and patch information. Affected products include: Autonomy Keyview Export Sdk, Autonomy Keyview Filter Sdk, Autonomy Keyview Viewer Sdk.