Signature Detail

HTTP: Microsoft Excel File SST Parsing Integer Overflow

This signature detects attempts to exploit a known vulnerability in the Microsoft Excel file format. A successful attack can lead to an integer overflow and arbitrary remote code execution within the context of the client.

Extended Description

Autonomy KeyView module is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. Exploiting this issue will allow an attacker to corrupt memory and cause denial-of-service conditions or potentially to execute arbitrary code in the context of an application using the module. Multiple products using the KeyView module are affected.

Affected Products

• Autonomy Keyview Export SDK 10
• Autonomy Keyview Export SDK 10.3.0
• Autonomy Keyview Export SDK 10.4.0
• Autonomy Keyview Export SDK 7
• Autonomy Keyview Export SDK 8
• Autonomy Keyview Export SDK 9
• Autonomy Keyview Filter SDK 10
• Autonomy Keyview Filter SDK 10.3.0
• Autonomy Keyview Filter SDK 10.4.0
• Autonomy Keyview Filter SDK 7
• Autonomy Keyview Filter SDK 8
• Autonomy Keyview Filter SDK 9
• Autonomy Keyview Viewer SDK 10
• Autonomy Keyview Viewer SDK 10.3.0
• Autonomy Keyview Viewer SDK 10.4.0
• Autonomy Keyview Viewer SDK 7
• Autonomy Keyview Viewer SDK 8
• Autonomy Keyview Viewer SDK 9
• IBM Lotus Notes 5.0.12
• IBM Lotus Notes 5.0.3
• IBM Lotus Notes 6.0.0
• IBM Lotus Notes 6.0.1
• IBM Lotus Notes 6.0.2
• IBM Lotus Notes 6.0.3
• IBM Lotus Notes 6.0.4
• IBM Lotus Notes 6.0.5
• IBM Lotus Notes 6.5.0
• IBM Lotus Notes 6.5.1
• IBM Lotus Notes 6.5.2
• IBM Lotus Notes 6.5.3
• IBM Lotus Notes 6.5.4
• IBM Lotus Notes 6.5.5
• IBM Lotus Notes 6.5.5 FP2
• IBM Lotus Notes 6.5.5 FP3
• IBM Lotus Notes 6.5.6
• IBM Lotus Notes 6.5.6 FP2
• IBM Lotus Notes 7.0
• IBM Lotus Notes 7.0.1
• IBM Lotus Notes 7.0.2
• IBM Lotus Notes 7.0.2 FP1
• IBM Lotus Notes 7.0.3
• IBM Lotus Notes 8.0
• IBM Lotus Notes 8.5
• IBM Lotus Notes
• Symantec BrightMail Appliance 5.0
• Symantec BrightMail Appliance 8.0
• Symantec BrightMail Appliance 8.0.1
• Symantec Data Loss Prevention Detection Servers 7.2
• Symantec Data Loss Prevention Detection Servers for Linux 8.1.1
• Symantec Data Loss Prevention Detection Servers for Linux 9.0.1
• Symantec Data Loss Prevention Detection Servers for Windows 8.1.1
• Symantec Data Loss Prevention Detection Servers for Windows 9.0.1
• Symantec Data Loss Prevention Endpoint Agents 8.1.1
• Symantec Data Loss Prevention Endpoint Agents 9.0.1
• Symantec Mail Security Appliance 5.0.0
• Symantec Mail Security Appliance 5.0.0.24
• Symantec Mail Security Appliance 5.0.0-36
• Symantec Mail Security for Domino 7.5.3.25
• Symantec Mail Security for Domino 7.5.4.29
• Symantec Mail Security for Domino 7.5.5.32
• Symantec Mail Security for Domino 7.5.6
• Symantec Mail Security for Domino 8.0
• Symantec Mail Security for Microsoft Exchange 5.0.10
• Symantec Mail Security for Microsoft Exchange 5.0.10.382
• Symantec Mail Security for Microsoft Exchange 5.0.11
• Symantec Mail Security for Microsoft Exchange 5.0.12
• Symantec Mail Security for Microsoft Exchange 6.0.6
• Symantec Mail Security for Microsoft Exchange 6.0.7
• Symantec Mail Security for Microsoft Exchange 6.0.8
• Symantec Mail Security for SMTP 5.0
• Symantec Mail Security for SMTP 5.0.1
• Symantec Mail Security for SMTP 5.0.1 Patch 181
• Symantec Mail Security for SMTP 5.0.1 Patch 182
• Symantec Mail Security for SMTP 5.0.1 Patch 189
• Symantec Mail Security for SMTP 5.0.1 Patch 200
• Symantec Mail Security for SMTP 5.0.1 Patch 201

References

• BugTraq: 36042
• CVE: CVE-2009-3037