KeyView SDK bestows vulnerabilities on Symantec and IBM
Once again, holes in the KeyView SDK from Autonomy have led to a security hole in many Symantec products. An appropriately prepared document can cause a buffer overflow which can allow an attacker to take control of the system.
Various versions of Symantec Mail Security for Domino, Symantec Mail Security for Microsoft Exchange, Symantec Brightmail Gateway, Symantec Mail Security for SMTP, Symantec Data Loss Prevention Enforce / Detection Server, Symantec Data Loss Prevention Endpoint Agents and Symantec IM Manager 2007 are affected. For most of the products, Symantec is already offering updates. Symantec Mail Security for SMTP is the only one not updated as it is no longer being developed. Symantec recommends that users of this product upgrade to Symantec Brightmail Gateway.
Lotus Notes administrators will also have to take action, because Notes also uses the KeyView SDK and Notes versions 8.5.x, 8.0.x and 7.x are vulnerable to the same issues.