CVE-2012-6349
critical
CVSS v3: —
CVSS v2: 9.3
VIR risk: 9.3
Description
Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21627992
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| autonomy | keyview_idol | - | |
| ibm | lotus_notes | 8.5 | |
| ibm | lotus_notes | 8.5.0.0 | |
| ibm | lotus_notes | 8.5.0.1 | |
| ibm | lotus_notes | 8.5.1 | |
| ibm | lotus_notes | 8.5.1.0 | |
| ibm | lotus_notes | 8.5.1.1 | |
| ibm | lotus_notes | 8.5.1.2 | |
| ibm | lotus_notes | 8.5.1.3 | |
| ibm | lotus_notes | 8.5.1.4 | |
| ibm | lotus_notes | 8.5.1.5 | |
| ibm | lotus_notes | 8.5.2.0 | |
| ibm | lotus_notes | 8.5.2.1 | |
| ibm | lotus_notes | 8.5.2.2 | |
| ibm | lotus_notes | 8.5.2.3 | |
| ibm | lotus_notes | 8.5.3 | |
| ibm | lotus_notes | 8.5.3.1 | |
| ibm | lotus_notes | 8.5.3.2 | |
| ibm | lotus_notes | 8.5.3.3 | |
References
CWEs
CWE-119