1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Autonomy KeyView CVE-2011-1213

Attack: Autonomy KeyView CVE-2011-1213

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempts to exploit a buffer overflow vulnerability in Autonomy Keyview which could result in remote code execution.

Additional Information

Autonomy KeyView Filter is a component used in multiple applications. It adds filtering, viewing, and exporting of documents to web-ready HTML or valid XML.

Autonomy KeyView is prone to a stack-based buffer-overflow vulnerability when handling a LZH archive file. The problem occurs due to an integer overflow when calculating a length value from header information in a malformed archive. That length value is then used in a memory-copy operation causing a stack overflow.

An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious file or email attachment.

Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously discussed in BID 47962 (IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities) but has been given its own record to better document it.


  • Autonomy KeyView


  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube