CVE-2010-1525 - Vulnerability Details - OpenCVE

Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted size for an unspecified record type, which triggers a heap-based buffer overflow.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Autonomy	Keyview Export Sdk Keyview Filter Sdk Keyview Viewer Sdk

Configuration 1 [-]

OR	cpe:2.3:a:autonomy:keyview_export_sdk:10.4:::::::*
	cpe:2.3:a:autonomy:keyview_export_sdk:10.9:::::::*
	cpe:2.3:a:autonomy:keyview_filter_sdk:10.4:::::::*
	cpe:2.3:a:autonomy:keyview_filter_sdk:10.9:::::::*
	cpe:2.3:a:autonomy:keyview_viewer_sdk:10.4:::::::*
	cpe:2.3:a:autonomy:keyview_viewer_sdk:10.9:::::::*

No data.

References

Link	Providers
http://secunia.com/secunia_research/2010-49/
http://www-01.ibm.com/support/docview.wss?uid=swg21440812
http://www.securityfocus.com/bid/41928
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2010-08-17T17:31:00

Updated: 2024-08-07T01:28:41.829Z

Reserved: 2010-04-26T00:00:00

Link: CVE-2010-1525

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-08-17T20:00:03.127

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-1525

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-07-28T00:00:00", "descriptions": [{"lang": "en", "value": "Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted size for an unspecified record type, which triggers a heap-based buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-02-07T10:00:00", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"}, {"name": "41928", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/41928"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2010-49/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2010-1525", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted size for an unspecified record type, which triggers a heap-based buffer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01", "refsource": "CONFIRM", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"}, {"name": "41928", "refsource": "BID", "url": "http://www.securityfocus.com/bid/41928"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"}, {"name": "http://secunia.com/secunia_research/2010-49/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2010-49/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:28:41.829Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"}, {"name": "41928", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/41928"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2010-49/"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2010-1525", "datePublished": "2010-08-17T17:31:00", "dateReserved": "2010-04-26T00:00:00", "dateUpdated": "2024-08-07T01:28:41.829Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autonomy:keyview_export_sdk:10.4:*:*:*:*:*:*:*", "matchCriteriaId": "F588C397-FB3F-4A04-A015-B6F6D9C3B994", "vulnerable": true}, {"criteria": "cpe:2.3:a:autonomy:keyview_export_sdk:10.9:*:*:*:*:*:*:*", "matchCriteriaId": "C456319D-6699-4970-A146-6E52DD285D7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:autonomy:keyview_filter_sdk:10.4:*:*:*:*:*:*:*", "matchCriteriaId": "C558D1E3-4C6B-4C00-A415-5B9E343073D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:autonomy:keyview_filter_sdk:10.9:*:*:*:*:*:*:*", "matchCriteriaId": "706571F3-D347-4760-A55B-4F465DAFCBFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:autonomy:keyview_viewer_sdk:10.4:*:*:*:*:*:*:*", "matchCriteriaId": "4056FDC9-27A4-41D9-9C84-B50A66F30161", "vulnerable": true}, {"criteria": "cpe:2.3:a:autonomy:keyview_viewer_sdk:10.9:*:*:*:*:*:*:*", "matchCriteriaId": "73ECC62B-CED2-4401-A2F7-8E714D20D111", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted size for an unspecified record type, which triggers a heap-based buffer overflow."}, {"lang": "es", "value": "Desbordamiento de entero en el lector SpreadSheet Lotus 123 (wkssr.dll) de Autonomy KeyView v10.4 y v10.9, como el usuado en IBM, Symantec, y otros productos, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de tama\u00f1os manipulados para un tipo de registro no especificado, lo que dispara un desbordamiento de b\u00fafer basados en pila."}], "id": "CVE-2010-1525", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-08-17T20:00:03.127", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2010-49/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/41928"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2010-49/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21440812"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/41928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}