CVE-2011-1215

Current Description

Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.

Basic Data

PublishedMay 31, 2011
Last ModifiedSeptember 19, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score9.3
SeverityHIGH
Exploitability Score8.6
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationIbmLotus Notes7.0*******
    2.3ApplicationIbmLotus Notes7.0.0*******
    2.3ApplicationIbmLotus Notes7.0.1*******
    2.3ApplicationIbmLotus Notes7.0.1.1*******
    2.3ApplicationIbmLotus Notes7.0.2*******
    2.3ApplicationIbmLotus Notes7.0.2.1*******
    2.3ApplicationIbmLotus Notes7.0.2.2*******
    2.3ApplicationIbmLotus Notes7.0.2.3*******
    2.3ApplicationIbmLotus Notes7.0.3*******
    2.3ApplicationIbmLotus Notes7.0.3.1*******
    2.3ApplicationIbmLotus Notes7.0.4*******
    2.3ApplicationIbmLotus Notes7.0.4.1*******
    2.3ApplicationIbmLotus Notes7.0.4.2*******
    2.3ApplicationIbmLotus Notes8.0*******
    2.3ApplicationIbmLotus Notes8.0.0*******
    2.3ApplicationIbmLotus Notes8.0.1*******
    2.3ApplicationIbmLotus Notes8.0.2*******
    2.3ApplicationIbmLotus Notes8.0.2.0*******
    2.3ApplicationIbmLotus Notes8.0.2.1*******
    2.3ApplicationIbmLotus Notes8.0.2.2*******
    2.3ApplicationIbmLotus Notes8.0.2.3*******
    2.3ApplicationIbmLotus Notes8.0.2.4*******
    2.3ApplicationIbmLotus Notes8.0.2.5*******
    2.3ApplicationIbmLotus Notes8.0.2.6*******
    2.3ApplicationIbmLotus Notes8.5*******
    2.3ApplicationIbmLotus Notes8.5.0.0*******
    2.3ApplicationIbmLotus Notes8.5.0.1*******
    2.3ApplicationIbmLotus Notes8.5.1*******
    2.3ApplicationIbmLotus Notes8.5.1.0*******
    2.3ApplicationIbmLotus Notes8.5.1.1*******
    2.3ApplicationIbmLotus Notes8.5.1.2*******
    2.3ApplicationIbmLotus Notes8.5.1.3*******
    2.3ApplicationIbmLotus Notes8.5.1.4*******
    2.3ApplicationIbmLotus Notes8.5.1.5*******
    2.3ApplicationIbmLotus Notes8.5.2.0*******
    2.3ApplicationIbmLotus Notes8.5.2.1*******
    2.3ApplicationIbmLotus Notes********8.5.2.2

Vulnerable Software List

VendorProductVersions
Ibm Lotus Notes *, 7.0, 7.0.0, 7.0.1, 7.0.1.1, 7.0.2, 7.0.2.1, 7.0.2.2, 7.0.2.3, 7.0.3, 7.0.3.1, 7.0.4, 7.0.4.1, 7.0.4.2, 8.0, 8.0.0, 8.0.1, 8.0.2, 8.0.2.0, 8.0.2.1, 8.0.2.2, 8.0.2.3, 8.0.2.4, 8.0.2.5, 8.0.2.6, 8.5, 8.5.0.0, 8.5.0.1, 8.5.1, 8.5.1.0, 8.5.1.1, 8.5.1.2, 8.5.1.3, 8.5.1.4, 8.5.1.5, 8.5.2.0, 8.5.2.1

References

NameSourceURLTags
20110524 IBM Lotus Notes Office Document Attachment Viewer Stack Buffer Overflowhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=906IDEFENSE
44624http://secunia.com/advisories/44624SECUNIAVendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21500034http://www.ibm.com/support/docview.wss?uid=swg21500034CONFIRM
47962http://www.securityfocus.com/bid/47962BID
lotus-notes-mw8sr-bo(67622)https://exchange.xforce.ibmcloud.com/vulnerabilities/67622XF
oval:org.mitre.oval:def:14650https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14650OVAL