Vulnerability Note VU#849841
Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers
Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system.
Autonomy Keyview IDOL is a set of libraries that can decode over 1,000 different file formats. The Autonomy Keyview IDOL libraries are used by a variety of applications, including IBM Lotus Notes, Lotus Domino, Symantec Mail Security, RSA DLP, VMware Zimbra, Hyland OnBase, and many others. These vulnerabilities result from a number of underlying issues. Some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.
By causing an application to process a specially-crafted file with the Autonomy Keyview IDOL library, a remote, unauthenticated attacker may be able to cause an affected application to crash, resulting in a denial of service, or executing arbitrary code with the privileges of the vulnerable application. Depending on what application is using Keyview IDOL, these may happen as the result of some user interaction, such as single-clicking on a file, or it may happen with no user interaction at all. Privileges that the code would execute with depend on the application in question. For example, an attacker that exploits Symantec Mail Security or IBM Lotus Domino would be able to achieve code execution with SYSTEM privileges.
Apply an update
This issue is addressed in Autonomy Keyview IDOL 10.16. Please see your vendor for relevant product updates that include this version of Keyview.
Use the Microsoft Enhanced Mitigation Experience Toolkit
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Autonomy||Affected||-||04 Jun 2012|
|CA Technologies||Affected||29 Mar 2012||05 Nov 2012|
|Cisco Systems, Inc.||Affected||29 Mar 2012||05 Nov 2012|
|EMC Corporation||Affected||29 Mar 2012||05 Nov 2012|
|Hewlett-Packard Company||Affected||05 Mar 2012||05 Nov 2012|
|Hyland Software||Affected||29 Mar 2012||04 Jun 2012|
|IBM Corporation||Affected||21 Nov 2012||24 Mar 2013|
|Lotus Software||Affected||29 Mar 2012||24 Mar 2013|
|McAfee||Affected||29 Mar 2012||05 Nov 2012|
|Nuance Communications, Inc.||Affected||-||28 Nov 2012|
|Oracle Corporation||Affected||-||28 Nov 2012|
|Palisade Systems||Affected||22 May 2012||22 May 2012|
|Proofpoint||Affected||22 May 2012||05 Nov 2012|
|Symantec||Affected||29 Mar 2012||20 Nov 2012|
|Trend Micro||Affected||22 May 2012||05 Nov 2012|
CVSS Metrics (Learn More)
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
- CVE IDs: CVE-2012-6277
- Date Public: 20 Nov 2012
- Date First Published: 20 Nov 2012
- Date Last Updated: 24 Mar 2013
- Document Revision: 39
If you have feedback, comments, or additional information about this vulnerability, please send us email.