CVE-2010-0126
Last modified
CVE-2010-0126 is a vulnerability of currently unknown severity. Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted compound file, as demonstrated using a Quattro Pro file, which is not properly handled by the Quattro speed reader (qpssr.dll).. EPSS estimates a 3.97% chance of exploitation in the next 30 days.
Description
Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted compound file, as demonstrated using a Quattro Pro file, which is not properly handled by the Quattro speed reader (qpssr.dll).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Autonomy | Keyview Export Sdk | 10.4 |
| Autonomy | Keyview Export Sdk | 10.9 |
| Autonomy | Keyview Filter Sdk | 10.4 |
| Autonomy | Keyview Filter Sdk | 10.9 |
| Autonomy | Keyview Viewer Sdk | 10.4 |
| Autonomy | Keyview Viewer Sdk | 10.9 |
References
- http://secunia.com/secunia_research/2010-16/Vendor Advisory
- http://secunia.com/secunia_research/2010-16/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-0126?
How severe is CVE-2010-0126?
How do I fix CVE-2010-0126?
Are you affected by CVE-2010-0126?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST