CVE-2008-4564

Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.

Published: 2009-03-18 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2008-4564 is rated High Risk (66.4/100): CVSS Critical severity, with high exploitation likelihood (EPSS 50.83%, 98th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2008-4564

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-01-07 61.04% 50.83% -10.22%
2 2025-12-01 56.29% 61.04% +4.76%
3 2025-10-04 56.29%

Full EPSS history (27 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2008-4564

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
9.3 2.0 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 8.6 10.0 [email protected]

Weakness enumeration for CVE-2008-4564

Affected software / configurations for CVE-2008-4564

Vendor Product Version Raw CPE
autonomy keyview_export_sdk <= 10.4 cpe:2.3:a:autonomy:keyview_export_sdk:*:*:*:*:*:*:*:*
autonomy keyview_export_sdk 2.0 cpe:2.3:a:autonomy:keyview_export_sdk:2.0:*:*:*:*:*:*:*
autonomy keyview_export_sdk 9.2.0 cpe:2.3:a:autonomy:keyview_export_sdk:9.2.0:*:*:*:*:*:*:*
autonomy keyview_export_sdk 10 cpe:2.3:a:autonomy:keyview_export_sdk:10:*:*:*:*:*:*:*
autonomy keyview_export_sdk 10.3 cpe:2.3:a:autonomy:keyview_export_sdk:10.3:*:*:*:*:*:*:*
autonomy keyview_filter_sdk <= 10.4 cpe:2.3:a:autonomy:keyview_filter_sdk:*:*:*:*:*:*:*:*
autonomy keyview_filter_sdk 2.0 cpe:2.3:a:autonomy:keyview_filter_sdk:2.0:*:*:*:*:*:*:*
autonomy keyview_filter_sdk 9.2.0 cpe:2.3:a:autonomy:keyview_filter_sdk:9.2.0:*:*:*:*:*:*:*
autonomy keyview_filter_sdk 10 cpe:2.3:a:autonomy:keyview_filter_sdk:10:*:*:*:*:*:*:*
autonomy keyview_filter_sdk 10.3 cpe:2.3:a:autonomy:keyview_filter_sdk:10.3:*:*:*:*:*:*:*
autonomy keyview_viewer_sdk <= 10.4 cpe:2.3:a:autonomy:keyview_viewer_sdk:*:*:*:*:*:*:*:*
autonomy keyview_viewer_sdk 2.0 cpe:2.3:a:autonomy:keyview_viewer_sdk:2.0:*:*:*:*:*:*:*
autonomy keyview_viewer_sdk 9.2.0 cpe:2.3:a:autonomy:keyview_viewer_sdk:9.2.0:*:*:*:*:*:*:*
autonomy keyview_viewer_sdk 10 cpe:2.3:a:autonomy:keyview_viewer_sdk:10:*:*:*:*:*:*:*
autonomy keyview_viewer_sdk 10.3 cpe:2.3:a:autonomy:keyview_viewer_sdk:10.3:*:*:*:*:*:*:*
ibm lotus_notes 5.0.3 cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*
ibm lotus_notes 5.0.12 cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*
ibm lotus_notes 6.0 cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*
ibm lotus_notes 6.0.1 cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*
ibm lotus_notes 6.0.2 cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*
ibm lotus_notes 6.0.3 cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*
ibm lotus_notes 6.0.4 cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*
ibm lotus_notes 6.0.5 cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*
ibm lotus_notes 6.5 cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
ibm lotus_notes 6.5.1 cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*
ibm lotus_notes 6.5.2 cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*
ibm lotus_notes 6.5.3 cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*
ibm lotus_notes 6.5.4 cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*
ibm lotus_notes 6.5.5 cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:*
ibm lotus_notes 6.5.5 cpe:2.3:a:ibm:lotus_notes:6.5.5:*:fp2:*:*:*:*:*
ibm lotus_notes 6.5.5 cpe:2.3:a:ibm:lotus_notes:6.5.5:*:fp3:*:*:*:*:*
ibm lotus_notes 6.5.6 cpe:2.3:a:ibm:lotus_notes:6.5.6:*:*:*:*:*:*:*
ibm lotus_notes 6.5.6 cpe:2.3:a:ibm:lotus_notes:6.5.6:*:fp2:*:*:*:*:*
ibm lotus_notes 7.0 cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
ibm lotus_notes 7.0.1 cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:*
ibm lotus_notes 7.0.2 cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*
ibm lotus_notes 7.0.2 cpe:2.3:a:ibm:lotus_notes:7.0.2:*:fp1:*:*:*:*:*
ibm lotus_notes 7.0.3 cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*
ibm lotus_notes 8.0 cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
symantec altiris_deployment_solution cpe:2.3:a:symantec:altiris_deployment_solution:*:*:*:*:*:*:*:*
symantec brightmail 5.0 cpe:2.3:a:symantec:brightmail:5.0:*:appliance:*:*:*:*:*
symantec data_loss_prevention_detection_servers 7.0 cpe:2.3:a:symantec:data_loss_prevention_detection_servers:7.0:*:*:*:*:*:*:*
symantec data_loss_prevention_detection_servers 8.0 cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.0:*:*:*:*:*:*:*
symantec data_loss_prevention_detection_servers 8.1 cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1:*:linux:*:*:*:*:*
symantec data_loss_prevention_detection_servers 8.1 cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1:*:windows:*:*:*:*:*
symantec data_loss_prevention_endpoint_agents 8.0 cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.0:*:*:*:*:*:*:*
symantec data_loss_prevention_endpoint_agents 8.1 cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.1:*:*:*:*:*:*:*
symantec enforce 7.0 cpe:2.3:a:symantec:enforce:7.0:*:*:*:*:*:*:*
symantec enforce 8.0 cpe:2.3:a:symantec:enforce:8.0:*:*:*:*:*:*:*
symantec enforce 8.1 cpe:2.3:a:symantec:enforce:8.1:*:linux:*:*:*:*:*
symantec enforce 8.1 cpe:2.3:a:symantec:enforce:8.1:*:windows:*:*:*:*:*
symantec mail_security 5.0 cpe:2.3:a:symantec:mail_security:5.0:*:appliance:*:*:*:*:*
symantec mail_security 5.0.0 cpe:2.3:a:symantec:mail_security:5.0.0:*:*:*:*:*:*:*
symantec mail_security 5.0.0 cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*
symantec mail_security 5.0.0.24 cpe:2.3:a:symantec:mail_security:5.0.0.24:*:appliance:*:*:*:*:*
symantec mail_security 5.0.1 cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
symantec mail_security 5.0.1.181 cpe:2.3:a:symantec:mail_security:5.0.1.181:*:smtp:*:*:*:*:*
symantec mail_security 5.0.1.182 cpe:2.3:a:symantec:mail_security:5.0.1.182:*:smtp:*:*:*:*:*
symantec mail_security 5.0.1.189 cpe:2.3:a:symantec:mail_security:5.0.1.189:*:smtp:*:*:*:*:*
symantec mail_security 5.0.1.200 cpe:2.3:a:symantec:mail_security:5.0.1.200:*:smtp:*:*:*:*:*
symantec mail_security 5.0.10 cpe:2.3:a:symantec:mail_security:5.0.10:*:microsoft_exchange:*:*:*:*:*
symantec mail_security 5.0.11 cpe:2.3:a:symantec:mail_security:5.0.11:*:microsoft_exchange:*:*:*:*:*
symantec mail_security 6.0.6 cpe:2.3:a:symantec:mail_security:6.0.6:microsoft_exchange:*:*:*:*:*:*
symantec mail_security 6.0.7 cpe:2.3:a:symantec:mail_security:6.0.7:microsoft_exchange:*:*:*:*:*:*
symantec mail_security 7.5..4.29 cpe:2.3:a:symantec:mail_security:7.5..4.29:*:domino:*:*:*:*:*
symantec mail_security 7.5.3.25 cpe:2.3:a:symantec:mail_security:7.5.3.25:*:domino:*:*:*:*:*
symantec mail_security 7.5.5.32 cpe:2.3:a:symantec:mail_security:7.5.5.32:*:domino:*:*:*:*:*

References for CVE-2008-4564

URL Tags
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774
http://osvdb.org/52713
http://secunia.com/advisories/34303
http://secunia.com/advisories/34307 Vendor Advisory
http://secunia.com/advisories/34318
http://secunia.com/advisories/34355
http://securitytracker.com/id?1021856
http://securitytracker.com/id?1021857
http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21377573 Vendor Advisory
http://www.kb.cert.org/vuls/id/276563 US Government Resource
http://www.securityfocus.com/bid/34086
http://www.securitytracker.com/id?1021859
http://www.symantec.com/avcenter/security/Content/2009.03.17a.html Vendor Advisory
http://www.vupen.com/english/advisories/2009/0744 Vendor Advisory
http://www.vupen.com/english/advisories/2009/0756
http://www.vupen.com/english/advisories/2009/0757
https://customers.autonomy.com/support/secure/docs/Updates/Keyview/Filter%20SDK/10.4/kv_update_nti40_10.4.zip.readme.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/49284
cvelogic Threat Intelligence