Vulnerability Details : CVE-2010-0135
Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), as used in Autonomy KeyView 10.4 and 10.9 and possibly other products, allows remote attackers to execute arbitrary code via unspecified vectors related to "data blocks."
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2010-0135
Probability of exploitation activity in the next 30 days: 4.68%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-0135
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2010-0135
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0135
-
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100727_01
Multi-Vendor Autonomy KeyView Filter Multiple Security Issues
-
http://www.securityfocus.com/bid/41928
Autonomy KeyView Filter Module Multiple Memory Corruption Vulnerabilities
-
http://www-01.ibm.com/support/docview.wss?uid=swg21440812
(July 2010) Fixes for potential security vulnerabilities in Lotus Notes file viewers
Products affected by CVE-2010-0135
- cpe:2.3:a:autonomy:keyview_export_sdk:10.9:*:*:*:*:*:*:*
- cpe:2.3:a:autonomy:keyview_export_sdk:10.4:*:*:*:*:*:*:*
- cpe:2.3:a:autonomy:keyview_filter_sdk:10.4:*:*:*:*:*:*:*
- cpe:2.3:a:autonomy:keyview_filter_sdk:10.9:*:*:*:*:*:*:*
- cpe:2.3:a:autonomy:keyview_viewer_sdk:10.9:*:*:*:*:*:*:*
- cpe:2.3:a:autonomy:keyview_viewer_sdk:10.4:*:*:*:*:*:*:*