Lucene search

[email protected]CVE-2012-6277

HistoryFeb 21, 2020 - 5:15 p.m.

CVE-2012-6277

2020-02-2117:15:10

[email protected]

web.nvd.nist.gov

cve-2012-6277

autonomy keyview

idol

symantec mail security

microsoft exchange

symantec messaging gateway

ibm notes

ibm lotus domino

remote code execution

memory corruption

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to “a number of underlying issues” in which “some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code.”

Affected configurations

NVD

Node

ibmdominoRange8.5.0–8.5.3.6

ibmnotesRange8.5–8.5.3

Node

symantecdata_loss_prevention_endpointRange11.0–11.6.1

symantecdata_loss_prevention_enforce\/detection_serversRange11.0–11.6.1linux

symantecdata_loss_prevention_enforce\/detection_serversRange11.0–11.6.1windows

symantecmail_securityRange≤6.5.7microsoft_exchange

symantecmail_securityRange≤8.1.0domino

symantecmail_securityMatch6.5.7

symantecmessaging_gatewayRange9.5–10.0.1

Node

hpautonomy_keyview_idolRange<10.16

CPENameOperatorVersion
ibm:dominoibm dominole8.5.3.6
ibm:notesibm notesle8.5.3

CPE	Name	Operator	Version
ibm:domino	ibm domino	le	8.5.3.6
ibm:notes	ibm notes	le	8.5.3

CNA Affected

[
  {
    "product": "Autonomy KeyView IDOL",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "before 10.16"
      }
    ]
  }
]

References

support.symantec.com/us/en/article.symsa1262.html

tools.cisco.com/security/center/viewAlert.x?alertId=27482

vulmon.com/vulnerabilitydetails?qid=CVE-2012-6277

www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities

www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/

www.kb.cert.org/vuls/id/849841/

www.securityfocus.com/bid/56610

www.tenable.com/plugins/nessus/67192

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for CVE-2012-6277

nvd1 cert1 prion1 cvelist1 nessus1