CyberSecurityBoard
Sponsor Register Login

CVE-2009-3037

Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.

Publication date: Tue, 01 Sep 2009 21:30:00 +0000


Cyber News related to CVE-2009-3037

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago
CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago
CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
55 years ago Tenable.com
CVE-2009-3037 - Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, ...
12 years ago
CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
5 years ago
CVE-2024-8404 - An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut ...
6 months ago
CVE-2012-3037 - The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged ...
3 years ago
CVE-2005-3037 - Cross-site scripting (XSS) vulnerability in Handy Address Book Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the SEARCHTEXT parameter in a demos URL. ...
16 years ago
CVE-2010-3037 - goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified ...
14 years ago
CVE-2016-3037 - IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613. ...
7 years ago
CVE-2017-3037 - Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution. ...
7 years ago
CVE-2006-3037 - Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ST AdManager Lite allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, (3) article, (4) bio, and (5) name parameters. ...
7 years ago
CVE-2008-3037 - Cross-site scripting (XSS) vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
7 years ago
CVE-2013-3037 - Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors. ...
7 years ago
CVE-2014-3037 - Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x ...
7 years ago
CVE-2007-3037 - Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a ...
6 years ago
CVE-2018-3037 - Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily ...
5 years ago
CVE-2011-3037 - Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted ...
4 years ago
CVE-2022-3037 - Use After Free in GitHub repository vim/vim prior to 9.0.0322. ...
2 years ago
CVE-2021-3037 - An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, ...
2 years ago
CVE-2023-3037 - Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter. ...
1 year ago
CVE-2024-3037 - An arbitrary file deletion vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This vulnerability requires local login/console access to the PaperCut NG/MF server (eg: member of a domain admin group). ...
10 months ago Tenable.com
CVE-2025-3037 - A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to ...
2 days ago
CVE-2024-57901 - In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_protocol_dgram() to not touch skb at ...
2 months ago Tenable.com
Windows 11 update breaks Veeam recovery, causes connection errors - ​As a temporary workaround, while Microsoft and Veeam are currently investigating this known issue and looking for a fix, users impacted by this issue are advised to recover their computer or data using Veeam Recovery Media generated from a ...
1 week ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)