US-CERT Current Activity – Autonomy KeyView SDK Vulnerability
I received the following notification regarding the Autonomy KeyView SDK vulnerability.
US-CERT Current Activity
Autonomy KeyView SDK Vulnerability
Original release date: August 26, 2009 at 9:47 am
Last revised: August 26, 2009 at 9:47 am
US-CERT is aware of reports of a vulnerability in the way the Autonomy KeyView SDK parses Excel files. The Autonomy KeyView SDK is used by certain products, including Lotus Notes and Symantec Mail Security, to support the handling of a number of different file formats. By supplying a specially crafted Excel spreadsheet to an application using the affected Autonomy KeyView SDK library, a remote attacker may be able to execute arbitrary code in the context of that application.
US-CERT encourages users and administrators to do the following to help mitigate the risks:
* IBM Lotus Notes users should review the IBM Flash Alert and
implement the listed fixes or workarounds.
* Symantec users should review Symantec Security Advisory SYM09-010
and implement the listed fixes or workarounds.
* The original reporters of the vulnerability state that users of
other applications that use an affected version of the Autonomy
KeyView SDK may wish to remove the xlssr.dll filter module or
comment out the reference to xlssr.dll in the KeyView.ini file
distributed with the affected application.
Relevant Url(s):
<http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21396492>
====
This entry is available at
http://www.us-cert.gov/current/index.html#autonomy_keyview_sdk_vulnerability1
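
To check whether the third workaround in the notification above has been applied, the following added example (not part of the US-CERT notice or any vendor's tooling) walks an install directory and reports every xlssr.dll still on disk and every KeyView.ini line that still references it. The function names are hypothetical, the sample INI contents are constructed rather than a real KeyView.ini layout, and it assumes that lines beginning with `;` or `#` are comments.

```python
import os
import tempfile

FILTER_NAME = "xlssr.dll"   # filter module named in the notification
INI_NAME = "keyview.ini"    # matched case-insensitively
# Assumption: a leading ';' or '#' marks a commented-out line.
COMMENT_PREFIXES = (";", "#")

def _scan_ini(path):
    """Return (path, line_no, text) for each uncommented xlssr.dll reference."""
    hits = []
    with open(path, "r", encoding="latin-1") as fh:
        for line_no, line in enumerate(fh, 1):
            text = line.strip()
            if not text or text.startswith(COMMENT_PREFIXES):
                continue
            if FILTER_NAME in text.lower():
                hits.append((path, line_no, text))
    return hits

def audit_keyview(root):
    """Walk root; return (filter module paths, active INI references)."""
    filter_paths, active_refs = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == FILTER_NAME:
                filter_paths.append(path)
            elif name.lower() == INI_NAME:
                active_refs.extend(_scan_ini(path))
    return sorted(filter_paths), sorted(active_refs)

def build_sample_tree(root):
    """Constructed test data: app_a is unmitigated, app_b has the workaround."""
    for app, ini_body, keep_dll in (
        ("app_a", "[constructed]\nexcel=xlssr.dll\n", True),
        ("app_b", "[constructed]\n;excel=xlssr.dll\n", False),
    ):
        os.makedirs(os.path.join(root, app))
        with open(os.path.join(root, app, "KeyView.ini"), "w") as fh:
            fh.write(ini_body)
        if keep_dll:
            open(os.path.join(root, app, "XLSSR.DLL"), "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        dlls, refs = audit_keyview(tmp)
        for p in dlls:
            print("filter module present:", p)
        for p, n, t in refs:
            print(f"active reference: {p}:{n}: {t}")
```

The script only reports; removing the module or commenting out the reference should follow the affected product's own advisory.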
