CVE-2010-1525

Description

Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted size for an unspecified record type, which triggers a heap-based buffer overflow.

Affected products

Autonomy / keyview_export_sdk10.4 – 10.4
Autonomy / keyview_export_sdk10.9 – 10.9
Autonomy / keyview_filter_sdk10.4 – 10.4
Autonomy / keyview_filter_sdk10.9 – 10.9
Autonomy / keyview_viewer_sdk10.4 – 10.4
Autonomy / keyview_viewer_sdk10.9 – 10.9

References

MISChttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01
MISChttp://www.securityfocus.com/bid/41928
MISChttp://www-01.ibm.com/support/docview.wss?uid=swg21440812
MISChttp://secunia.com/secunia_research/2010-49/