Autonomy KeyView SDK Vulnerability

Antivirus Advice for Computer Protection on the Internet

:: Apple Releases QuickTime 7.7.2 :: Google Releases Google Chrome 19 :: Apple Releases Multiple Security Updates :: Adobe Releases Security Bulletins for Multiple Products :: Apple Releases iOS 5.1.1 :: Adobe Releases Security Advisory for Adobe Flash Player :: Microsoft Releases May Security Bulletin :: Microsoft Releases Advanced Notification for May Security Bulletin :: Microsoft Releases Advance Notification for May Security Bulletin :: Google Releases Chrome 18.0.1025.168 :: RuggedCom Rugged Operating System Vulnerability :: DNSChanger Malware :: Oracle Releases Critical Patch Update for April 2012 :: Apple Releases Flashback Malware Security Updates :: Apple Releases Flashback Malware Security Updates :: HP ProCurve 5400 zl Switches Security Bulletin :: Samba Releases Updates for 3.0.x - 3.6.3 :: Adobe Releases Security Bulletin for Adobe Reader and Acrobat :: Microsoft Releases Advance Notification for April Security Bulletin :: Microsoft Releases April Security Bulletin

US-CERT is aware of reports of a vulnerability that affects the Autonomy KeyView SDK wp6sr.dll library. This library is used by certain products, including Lotus Notes and Symantec, to support the handling of Word Perfect documents. By convincing a user to open a specially crafted Word Perfect document with an application using the affected Autonomy KeyView SDK library, a remote attacker may be able to execute arbitrary code.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

IBM Lotus Notes users should review the IBM Flash Alert and implement the listed fixes or workarounds.
Symantec users should review Symantec Security Advisory SYM09-004 and implement the listed fixes or workarounds.
Registered Autonomy Users should review the related Autonomy alert (login required).

Read more: US-CERT Current Activity

Today's Internet Security Alerts

SANSFIRE 2011
SANSFIRE 2011
(1) HIGH: Google Chrome Sandbox Escapes
...
(2) HIGH: Microsoft Remote Desktop Protocol Vulnerability
...
(3) HIGH: Mozilla Firefox Use-After-Free Vulnerability
...
2.8 Mozilla Firefox/Thunderbird/SeaMonkey "shlwapi.dll" Use-After-Free Memory Corruption
...
12.11.11 IBM DB2 Multiple Security Vulnerabilities
...
12.11.12 IBM Maximo Asset Management Multiple Security Vulnerabilities
...

Popular Words in Security Alerts
gateway prefetch sources requests backup directory workaround series campaign engine encouraged installing compromised engineering restore