CVE-2010-0126 - Vulnerability Details - OpenCVE

Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted compound file, as demonstrated using a Quattro Pro file, which is not properly handled by the Quattro speed reader (qpssr.dll).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Autonomy	Keyview Export Sdk Keyview Filter Sdk Keyview Viewer Sdk

Configuration 1 [-]

OR	cpe:2.3:a:autonomy:keyview_export_sdk:10.4:::::::*
	cpe:2.3:a:autonomy:keyview_export_sdk:10.9:::::::*
	cpe:2.3:a:autonomy:keyview_filter_sdk:10.4:::::::*
	cpe:2.3:a:autonomy:keyview_filter_sdk:10.9:::::::*
	cpe:2.3:a:autonomy:keyview_viewer_sdk:10.4:::::::*
	cpe:2.3:a:autonomy:keyview_viewer_sdk:10.9:::::::*

No data.

References

Link	Providers
http://secunia.com/secunia_research/2010-16/
http://www-01.ibm.com/support/docview.wss?uid=swg21440812
http://www.securityfocus.com/bid/41928
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2010-08-17T17:31:00

Updated: 2024-08-07T00:37:53.832Z

Reserved: 2010-01-04T00:00:00

Link: CVE-2010-0126

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-08-17T20:00:02.423

Modified: 2024-11-21T01:11:35.280

Link: CVE-2010-0126

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-07-28T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted compound file, as demonstrated using a Quattro Pro file, which is not properly handled by the Quattro speed reader (qpssr.dll)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-02-07T10:00:00", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2010-16/"}, {"name": "41928", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/41928"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2010-0126", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted compound file, as demonstrated using a Quattro Pro file, which is not properly handled by the Quattro speed reader (qpssr.dll)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"}, {"name": "http://secunia.com/secunia_research/2010-16/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2010-16/"}, {"name": "41928", "refsource": "BID", "url": "http://www.securityfocus.com/bid/41928"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:37:53.832Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2010-16/"}, {"name": "41928", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/41928"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2010-0126", "datePublished": "2010-08-17T17:31:00", "dateReserved": "2010-01-04T00:00:00", "dateUpdated": "2024-08-07T00:37:53.832Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autonomy:keyview_export_sdk:10.4:*:*:*:*:*:*:*", "matchCriteriaId": "F588C397-FB3F-4A04-A015-B6F6D9C3B994", "vulnerable": true}, {"criteria": "cpe:2.3:a:autonomy:keyview_export_sdk:10.9:*:*:*:*:*:*:*", "matchCriteriaId": "C456319D-6699-4970-A146-6E52DD285D7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:autonomy:keyview_filter_sdk:10.4:*:*:*:*:*:*:*", "matchCriteriaId": "C558D1E3-4C6B-4C00-A415-5B9E343073D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:autonomy:keyview_filter_sdk:10.9:*:*:*:*:*:*:*", "matchCriteriaId": "706571F3-D347-4760-A55B-4F465DAFCBFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:autonomy:keyview_viewer_sdk:10.4:*:*:*:*:*:*:*", "matchCriteriaId": "4056FDC9-27A4-41D9-9C84-B50A66F30161", "vulnerable": true}, {"criteria": "cpe:2.3:a:autonomy:keyview_viewer_sdk:10.9:*:*:*:*:*:*:*", "matchCriteriaId": "73ECC62B-CED2-4401-A2F7-8E714D20D111", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted compound file, as demonstrated using a Quattro Pro file, which is not properly handled by the Quattro speed reader (qpssr.dll)."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en la memoria din\u00e1mica en una librer\u00eda no especificada de Autonomy KeyView v10.4 y v10.9, como el usado en varios IBM, Symantec, y otros productos, permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de archivos compuestos manipulados, como lo demuestra el uso de ficheros Quattro Pro, que no es manejado apropiadamente por Quattro speed reader (qpssr.dll)."}], "id": "CVE-2010-0126", "lastModified": "2024-11-21T01:11:35.280", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-08-17T20:00:02.423", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2010-16/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/41928"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2010-16/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/41928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}