Strix
26.1K

CVE-2008-4564

UnknownEPSS 6.76%

Last modified

CVE-2008-4564 is a vulnerability of currently unknown severity. Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.. EPSS estimates a 6.76% chance of exploitation in the next 30 days.

Description

Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.

Metrics

EPSS Probability
6.76%

93.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
AutonomyKeyview Export Sdk<= 10.4
AutonomyKeyview Export Sdk2.0
AutonomyKeyview Export Sdk9.2.0
AutonomyKeyview Export Sdk10
AutonomyKeyview Export Sdk10.3
AutonomyKeyview Filter Sdk<= 10.4
AutonomyKeyview Filter Sdk2.0
AutonomyKeyview Filter Sdk9.2.0
AutonomyKeyview Filter Sdk10
AutonomyKeyview Filter Sdk10.3
AutonomyKeyview Viewer Sdk<= 10.4
AutonomyKeyview Viewer Sdk2.0
AutonomyKeyview Viewer Sdk9.2.0
AutonomyKeyview Viewer Sdk10
AutonomyKeyview Viewer Sdk10.3
IbmLotus Notes5.0.3
IbmLotus Notes5.0.12
IbmLotus Notes6.0
IbmLotus Notes6.0.1
IbmLotus Notes6.0.2
IbmLotus Notes6.0.3
IbmLotus Notes6.0.4
IbmLotus Notes6.0.5
IbmLotus Notes6.5
IbmLotus Notes6.5.1
IbmLotus Notes6.5.2
IbmLotus Notes6.5.3
IbmLotus Notes6.5.4
IbmLotus Notes6.5.5
IbmLotus Notes6.5.6
IbmLotus Notes7.0
IbmLotus Notes7.0.1
IbmLotus Notes7.0.2
IbmLotus Notes7.0.3
IbmLotus Notes8.0
SymantecAltiris Deployment SolutionAll versions
SymantecBrightmail5.0
SymantecData Loss Prevention Detection Servers7.0
SymantecData Loss Prevention Detection Servers8.0
SymantecData Loss Prevention Detection Servers8.1
SymantecData Loss Prevention Endpoint Agents8.0
SymantecData Loss Prevention Endpoint Agents8.1
SymantecEnforce7.0
SymantecEnforce8.0
SymantecEnforce8.1
SymantecMail Security5.0
SymantecMail Security5.0.0
SymantecMail Security5.0.0.24
SymantecMail Security5.0.1
SymantecMail Security5.0.1.181

Showing 50 of 60 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2008-4564?
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.
How severe is CVE-2008-4564?
Severity scoring for CVE-2008-4564 is pending analysis. The EPSS model estimates a 6.76% probability of exploitation in the next 30 days.
How do I fix CVE-2008-4564?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-4564?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST