Vulnerability-Lookup - Search a vulnerability

CVE-2007-5399 (GCVE-0-2007-5399)

Vulnerability from cvelistv5

Published

2008-04-10 18:00

Modified

2024-08-07 15:31

Severity ?

CWE

n/a

Summary

Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename.

References

►

URL

Tags

	http://secunia.com/advisories/28209	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/490832/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/1156	vdb-entry, x_refsource_VUPEN
	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/28454	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/28210	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/secunia_research/2007-91/advisory/	x_refsource_MISC
	http://www.securitytracker.com/id?1019842	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/490833/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/1153	vdb-entry, x_refsource_VUPEN
	http://secunia.com/secunia_research/2007-92/advisory/	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilities/41723	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:58.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28209",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28209"
          },
          {
            "name": "20080414 Secunia Research: Autonomy Keyview EML Reader Buffer Overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490832/100/0/threaded"
          },
          {
            "name": "ADV-2008-1156",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1156"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
          },
          {
            "name": "28454",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28454"
          },
          {
            "name": "28210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28210"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-91/advisory/"
          },
          {
            "name": "1019842",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019842"
          },
          {
            "name": "20080414 Secunia Research: Lotus Notes EML Reader Buffer Overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490833/100/0/threaded"
          },
          {
            "name": "ADV-2008-1153",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1153"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-92/advisory/"
          },
          {
            "name": "autonomy-keyview-eml-multiple-bo(41723)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41723"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "28209",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28209"
        },
        {
          "name": "20080414 Secunia Research: Autonomy Keyview EML Reader Buffer Overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490832/100/0/threaded"
        },
        {
          "name": "ADV-2008-1156",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1156"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
        },
        {
          "name": "28454",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28454"
        },
        {
          "name": "28210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28210"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-91/advisory/"
        },
        {
          "name": "1019842",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019842"
        },
        {
          "name": "20080414 Secunia Research: Lotus Notes EML Reader Buffer Overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490833/100/0/threaded"
        },
        {
          "name": "ADV-2008-1153",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1153"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-92/advisory/"
        },
        {
          "name": "autonomy-keyview-eml-multiple-bo(41723)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41723"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2007-5399",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28209",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28209"
            },
            {
              "name": "20080414 Secunia Research: Autonomy Keyview EML Reader Buffer Overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490832/100/0/threaded"
            },
            {
              "name": "ADV-2008-1156",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1156"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
            },
            {
              "name": "28454",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28454"
            },
            {
              "name": "28210",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28210"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-91/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-91/advisory/"
            },
            {
              "name": "1019842",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019842"
            },
            {
              "name": "20080414 Secunia Research: Lotus Notes EML Reader Buffer Overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490833/100/0/threaded"
            },
            {
              "name": "ADV-2008-1153",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1153"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-92/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-92/advisory/"
            },
            {
              "name": "autonomy-keyview-eml-multiple-bo(41723)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41723"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2007-5399",
    "datePublished": "2008-04-10T18:00:00",
    "dateReserved": "2007-10-12T00:00:00",
    "dateUpdated": "2024-08-07T15:31:58.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1101 (GCVE-0-2008-1101)

Vulnerability from cvelistv5

Published

2008-04-10 18:00

Modified

2024-08-07 08:08

Severity ?

CWE

n/a

Summary

Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document.

References

►

URL

Tags

	http://secunia.com/advisories/28140	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/28209	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/41725	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2008/1156	vdb-entry, x_refsource_VUPEN
	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/28454	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/28210	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/secunia_research/2008-12/advisory/	x_refsource_MISC
	http://www.securityfocus.com/archive/1/490826/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/1153	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:08:57.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28140",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28140"
          },
          {
            "name": "28209",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28209"
          },
          {
            "name": "autonomy-keyview-kvdocve-bo(41725)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41725"
          },
          {
            "name": "ADV-2008-1156",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1156"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
          },
          {
            "name": "28454",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28454"
          },
          {
            "name": "28210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28210"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2008-12/advisory/"
          },
          {
            "name": "20080414 Secunia Research: Lotus Notes kvdocve.dll Path Processing BufferOverflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490826/100/0/threaded"
          },
          {
            "name": "ADV-2008-1153",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1153"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "28140",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28140"
        },
        {
          "name": "28209",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28209"
        },
        {
          "name": "autonomy-keyview-kvdocve-bo(41725)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41725"
        },
        {
          "name": "ADV-2008-1156",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1156"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
        },
        {
          "name": "28454",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28454"
        },
        {
          "name": "28210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28210"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2008-12/advisory/"
        },
        {
          "name": "20080414 Secunia Research: Lotus Notes kvdocve.dll Path Processing BufferOverflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490826/100/0/threaded"
        },
        {
          "name": "ADV-2008-1153",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1153"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2008-1101",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28140",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28140"
            },
            {
              "name": "28209",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28209"
            },
            {
              "name": "autonomy-keyview-kvdocve-bo(41725)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41725"
            },
            {
              "name": "ADV-2008-1156",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1156"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
            },
            {
              "name": "28454",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28454"
            },
            {
              "name": "28210",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28210"
            },
            {
              "name": "http://secunia.com/secunia_research/2008-12/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2008-12/advisory/"
            },
            {
              "name": "20080414 Secunia Research: Lotus Notes kvdocve.dll Path Processing BufferOverflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490826/100/0/threaded"
            },
            {
              "name": "ADV-2008-1153",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1153"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2008-1101",
    "datePublished": "2008-04-10T18:00:00",
    "dateReserved": "2008-02-29T00:00:00",
    "dateUpdated": "2024-08-07T08:08:57.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3037 (GCVE-0-2009-3037)

Vulnerability from cvelistv5

Published

2009-09-01 16:00

Modified

2024-08-07 06:14

Severity ?

CWE

n/a

Summary

Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.

References

►

URL

Tags

	http://www.vupen.com/english/advisories/2009/2389	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/bid/36042	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/36472	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/36474	third-party-advisory, x_refsource_SECUNIA
	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00	x_refsource_CONFIRM
	http://www-01.ibm.com/support/docview.wss?uid=swg21396492	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/36124	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:14:55.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-2389",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2389"
          },
          {
            "name": "36042",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36042"
          },
          {
            "name": "36472",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36472"
          },
          {
            "name": "36474",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36474"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090825_00"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396492"
          },
          {
            "name": "36124",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36124"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-07T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-2389",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2389"
        },
        {
          "name": "36042",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36042"
        },
        {
          "name": "36472",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36472"
        },
        {
          "name": "36474",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36474"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090825_00"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396492"
        },
        {
          "name": "36124",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36124"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3037",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-2389",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2389"
            },
            {
              "name": "36042",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36042"
            },
            {
              "name": "36472",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36472"
            },
            {
              "name": "36474",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36474"
            },
            {
              "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090825_00",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090825_00"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21396492",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396492"
            },
            {
              "name": "36124",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36124"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3037",
    "datePublished": "2009-09-01T16:00:00",
    "dateReserved": "2009-09-01T00:00:00",
    "dateUpdated": "2024-08-07T06:14:55.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1512 (GCVE-0-2011-1512)

Vulnerability from cvelistv5

Published

2011-05-31 20:00

Modified

2024-08-06 22:28

Severity ?

CWE

n/a

Summary

Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.

References

►

URL

Tags

	http://www.ibm.com/support/docview.wss?uid=swg21500034	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/47962	vdb-entry, x_refsource_BID
	http://www.securityfocus.com/archive/1/518120/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/44624	third-party-advisory, x_refsource_SECUNIA
	http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow	x_refsource_MISC
	http://securityreason.com/securityalert/8263	third-party-advisory, x_refsource_SREASON
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203	vdb-entry, signature, x_refsource_OVAL
	https://exchange.xforce.ibmcloud.com/vulnerabilities/67619	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.814Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21500034"
          },
          {
            "name": "47962",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47962"
          },
          {
            "name": "20110524 CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/518120/100/0/threaded"
          },
          {
            "name": "44624",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44624"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow"
          },
          {
            "name": "8263",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8263"
          },
          {
            "name": "oval:org.mitre.oval:def:14203",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203"
          },
          {
            "name": "lotus-notes-xlssr-bo(67619)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67619"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21500034"
        },
        {
          "name": "47962",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47962"
        },
        {
          "name": "20110524 CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/518120/100/0/threaded"
        },
        {
          "name": "44624",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44624"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow"
        },
        {
          "name": "8263",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8263"
        },
        {
          "name": "oval:org.mitre.oval:def:14203",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203"
        },
        {
          "name": "lotus-notes-xlssr-bo(67619)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67619"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1512",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21500034",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21500034"
            },
            {
              "name": "47962",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47962"
            },
            {
              "name": "20110524 CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/518120/100/0/threaded"
            },
            {
              "name": "44624",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44624"
            },
            {
              "name": "http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow"
            },
            {
              "name": "8263",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8263"
            },
            {
              "name": "oval:org.mitre.oval:def:14203",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203"
            },
            {
              "name": "lotus-notes-xlssr-bo(67619)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67619"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1512",
    "datePublished": "2011-05-31T20:00:00",
    "dateReserved": "2011-03-23T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5406 (GCVE-0-2007-5406)

Vulnerability from cvelistv5

Published

2008-04-10 18:00

Modified

2024-08-07 15:31

Severity ?

CWE

n/a

Summary

kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file.

References

►

URL

Tags

	http://secunia.com/advisories/28140	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29342	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/secunia_research/2007-97/advisory/	x_refsource_MISC
	http://secunia.com/advisories/27763	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/28209	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/490838/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilities/41722	vdb-entry, x_refsource_XF
	http://secunia.com/secunia_research/2007-96/advisory/	x_refsource_MISC
	http://www.vupen.com/english/advisories/2008/1156	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/bid/28454	vdb-entry, x_refsource_BID
	http://secunia.com/secunia_research/2007-95/advisory/	x_refsource_MISC
	http://secunia.com/advisories/28210	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1019844	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/490825/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/1154	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/archive/1/490837/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/secunia_research/2007-98/advisory/	x_refsource_MISC
	http://www.securityfocus.com/archive/1/490839/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://securitytracker.com/id?1019805	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2008/1153	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:58.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28140",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28140"
          },
          {
            "name": "29342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29342"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-97/advisory/"
          },
          {
            "name": "27763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27763"
          },
          {
            "name": "28209",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28209"
          },
          {
            "name": "20080414 Secunia Research: Symantec Mail Security Applix Graphics ParsingVulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490838/100/0/threaded"
          },
          {
            "name": "autonomy-keyview-applix-dos(41722)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41722"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-96/advisory/"
          },
          {
            "name": "ADV-2008-1156",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1156"
          },
          {
            "name": "28454",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28454"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-95/advisory/"
          },
          {
            "name": "28210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28210"
          },
          {
            "name": "1019844",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019844"
          },
          {
            "name": "20080414 Secunia Research: Lotus Notes Applix Graphics ParsingVulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490825/100/0/threaded"
          },
          {
            "name": "ADV-2008-1154",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1154"
          },
          {
            "name": "20080414 Secunia Research: Autonomy Keyview Applix Graphics ParsingVulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490837/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-98/advisory/"
          },
          {
            "name": "20080414 Secunia Research: activePDF DocConverter Applix Graphics ParsingVulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490839/100/0/threaded"
          },
          {
            "name": "1019805",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019805"
          },
          {
            "name": "ADV-2008-1153",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1153"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "28140",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28140"
        },
        {
          "name": "29342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29342"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-97/advisory/"
        },
        {
          "name": "27763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27763"
        },
        {
          "name": "28209",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28209"
        },
        {
          "name": "20080414 Secunia Research: Symantec Mail Security Applix Graphics ParsingVulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490838/100/0/threaded"
        },
        {
          "name": "autonomy-keyview-applix-dos(41722)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41722"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-96/advisory/"
        },
        {
          "name": "ADV-2008-1156",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1156"
        },
        {
          "name": "28454",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28454"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-95/advisory/"
        },
        {
          "name": "28210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28210"
        },
        {
          "name": "1019844",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019844"
        },
        {
          "name": "20080414 Secunia Research: Lotus Notes Applix Graphics ParsingVulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490825/100/0/threaded"
        },
        {
          "name": "ADV-2008-1154",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1154"
        },
        {
          "name": "20080414 Secunia Research: Autonomy Keyview Applix Graphics ParsingVulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490837/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-98/advisory/"
        },
        {
          "name": "20080414 Secunia Research: activePDF DocConverter Applix Graphics ParsingVulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490839/100/0/threaded"
        },
        {
          "name": "1019805",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019805"
        },
        {
          "name": "ADV-2008-1153",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1153"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2007-5406",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28140",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28140"
            },
            {
              "name": "29342",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29342"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-97/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-97/advisory/"
            },
            {
              "name": "27763",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27763"
            },
            {
              "name": "28209",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28209"
            },
            {
              "name": "20080414 Secunia Research: Symantec Mail Security Applix Graphics ParsingVulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490838/100/0/threaded"
            },
            {
              "name": "autonomy-keyview-applix-dos(41722)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41722"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-96/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-96/advisory/"
            },
            {
              "name": "ADV-2008-1156",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1156"
            },
            {
              "name": "28454",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28454"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-95/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-95/advisory/"
            },
            {
              "name": "28210",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28210"
            },
            {
              "name": "1019844",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019844"
            },
            {
              "name": "20080414 Secunia Research: Lotus Notes Applix Graphics ParsingVulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490825/100/0/threaded"
            },
            {
              "name": "ADV-2008-1154",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1154"
            },
            {
              "name": "20080414 Secunia Research: Autonomy Keyview Applix Graphics ParsingVulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490837/100/0/threaded"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-98/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-98/advisory/"
            },
            {
              "name": "20080414 Secunia Research: activePDF DocConverter Applix Graphics ParsingVulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490839/100/0/threaded"
            },
            {
              "name": "1019805",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019805"
            },
            {
              "name": "ADV-2008-1153",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1153"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2007-5406",
    "datePublished": "2008-04-10T18:00:00",
    "dateReserved": "2007-10-12T00:00:00",
    "dateUpdated": "2024-08-07T15:31:58.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1718 (GCVE-0-2008-1718)

Vulnerability from cvelistv5

Published

2008-04-10 18:00

Modified

2024-08-07 08:32

Severity ?

CWE

n/a

Summary

Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment.

References

►

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/41856	vdb-entry, x_refsource_XF
	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:32:01.185Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "autonomy-mimesr-bo(41856)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41856"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "autonomy-mimesr-bo(41856)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41856"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1718",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "autonomy-mimesr-bo(41856)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41856"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1718",
    "datePublished": "2008-04-10T18:00:00",
    "dateReserved": "2008-04-10T00:00:00",
    "dateUpdated": "2024-08-07T08:32:01.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1218 (GCVE-0-2011-1218)

Vulnerability from cvelistv5

Published

2011-05-31 20:00

Modified

2024-08-06 22:21

Severity ?

CWE

n/a

Summary

Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information.

References

►

URL

Tags

	http://www.ibm.com/support/docview.wss?uid=swg21500034	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/47962	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/44624	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14238	vdb-entry, signature, x_refsource_OVAL
	https://exchange.xforce.ibmcloud.com/vulnerabilities/67625	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:21:33.490Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21500034"
          },
          {
            "name": "47962",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47962"
          },
          {
            "name": "44624",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44624"
          },
          {
            "name": "oval:org.mitre.oval:def:14238",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14238"
          },
          {
            "name": "lotus-notes-kvarcve-bo(67625)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67625"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21500034"
        },
        {
          "name": "47962",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47962"
        },
        {
          "name": "44624",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44624"
        },
        {
          "name": "oval:org.mitre.oval:def:14238",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14238"
        },
        {
          "name": "lotus-notes-kvarcve-bo(67625)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67625"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1218",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21500034",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21500034"
            },
            {
              "name": "47962",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47962"
            },
            {
              "name": "44624",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44624"
            },
            {
              "name": "oval:org.mitre.oval:def:14238",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14238"
            },
            {
              "name": "lotus-notes-kvarcve-bo(67625)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67625"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1218",
    "datePublished": "2011-05-31T20:00:00",
    "dateReserved": "2011-03-03T00:00:00",
    "dateUpdated": "2024-08-06T22:21:33.490Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0066 (GCVE-0-2008-0066)

Vulnerability from cvelistv5

Published

2008-04-10 18:00

Modified

2024-08-07 07:32

Severity ?

CWE

n/a

Summary

Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.

References

►

URL

Tags

	http://secunia.com/advisories/28140	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/28209	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1019843	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2008/1156	vdb-entry, x_refsource_VUPEN
	http://secunia.com/secunia_research/2008-3/advisory/	x_refsource_MISC
	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/28454	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/28210	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/490828/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/1153	vdb-entry, x_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/41724	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:24.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28140",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28140"
          },
          {
            "name": "28209",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28209"
          },
          {
            "name": "1019843",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019843"
          },
          {
            "name": "ADV-2008-1156",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1156"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2008-3/advisory/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
          },
          {
            "name": "28454",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28454"
          },
          {
            "name": "28210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28210"
          },
          {
            "name": "20080414 Secunia Research: Lotus Notes htmsr.dll Buffer Overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490828/100/0/threaded"
          },
          {
            "name": "ADV-2008-1153",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1153"
          },
          {
            "name": "autonomy-keyview-html-multiple-bo(41724)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41724"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) \"large chunks of data,\" or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "28140",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28140"
        },
        {
          "name": "28209",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28209"
        },
        {
          "name": "1019843",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019843"
        },
        {
          "name": "ADV-2008-1156",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1156"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2008-3/advisory/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
        },
        {
          "name": "28454",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28454"
        },
        {
          "name": "28210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28210"
        },
        {
          "name": "20080414 Secunia Research: Lotus Notes htmsr.dll Buffer Overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490828/100/0/threaded"
        },
        {
          "name": "ADV-2008-1153",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1153"
        },
        {
          "name": "autonomy-keyview-html-multiple-bo(41724)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41724"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2008-0066",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) \"large chunks of data,\" or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28140",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28140"
            },
            {
              "name": "28209",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28209"
            },
            {
              "name": "1019843",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019843"
            },
            {
              "name": "ADV-2008-1156",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1156"
            },
            {
              "name": "http://secunia.com/secunia_research/2008-3/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2008-3/advisory/"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
            },
            {
              "name": "28454",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28454"
            },
            {
              "name": "28210",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28210"
            },
            {
              "name": "20080414 Secunia Research: Lotus Notes htmsr.dll Buffer Overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490828/100/0/threaded"
            },
            {
              "name": "ADV-2008-1153",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1153"
            },
            {
              "name": "autonomy-keyview-html-multiple-bo(41724)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41724"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2008-0066",
    "datePublished": "2008-04-10T18:00:00",
    "dateReserved": "2008-01-03T00:00:00",
    "dateUpdated": "2024-08-07T07:32:24.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-6020 (GCVE-0-2007-6020)

Vulnerability from cvelistv5

Published

2008-04-10 18:00

Modified

2024-08-07 15:54

Severity ?

CWE

n/a

Summary

Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file.

References

►

URL

Tags

	http://secunia.com/advisories/28140	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/secunia_research/2007-106/advisory/	x_refsource_MISC
	http://secunia.com/advisories/29342	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/27763	third-party-advisory, x_refsource_SECUNIA
	http://www.symantec.com/avcenter/security/Content/2008.04.08e.html	x_refsource_CONFIRM
	http://secunia.com/advisories/28209	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1156	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/archive/1/490827/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/28454	vdb-entry, x_refsource_BID
	http://secunia.com/secunia_research/2007-105/advisory/	x_refsource_MISC
	http://www.securityfocus.com/archive/1/490829/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/28210	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/490830/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/490831/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilities/41716	vdb-entry, x_refsource_XF
	http://www.vupen.com/english/advisories/2008/1154	vdb-entry, x_refsource_VUPEN
	http://www.securitytracker.com/id?1019841	vdb-entry, x_refsource_SECTRACK
	http://securitytracker.com/id?1019805	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2008/1153	vdb-entry, x_refsource_VUPEN
	http://secunia.com/secunia_research/2007-104/advisory/	x_refsource_MISC
	http://secunia.com/secunia_research/2007-107/advisory/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:26.510Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28140",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28140"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-106/advisory/"
          },
          {
            "name": "29342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29342"
          },
          {
            "name": "27763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27763"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html"
          },
          {
            "name": "28209",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28209"
          },
          {
            "name": "ADV-2008-1156",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1156"
          },
          {
            "name": "20080414 Secunia Research: activePDF DocConverter Folio Flat File ParsingBuffer Overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490827/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
          },
          {
            "name": "28454",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28454"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-105/advisory/"
          },
          {
            "name": "20080414 Secunia Research: Autonomy Keyview Folio Flat File Parsing BufferOverflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490829/100/0/threaded"
          },
          {
            "name": "28210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28210"
          },
          {
            "name": "20080414 Secunia Research: Symantec Mail Security Folio Flat File ParsingBuffer Overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490830/100/0/threaded"
          },
          {
            "name": "20080414 Secunia Research: Lotus Notes Folio Flat File Parsing BufferOverflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490831/100/0/threaded"
          },
          {
            "name": "autonomy-keyview-foliosr-bo(41716)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41716"
          },
          {
            "name": "ADV-2008-1154",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1154"
          },
          {
            "name": "1019841",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019841"
          },
          {
            "name": "1019805",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019805"
          },
          {
            "name": "ADV-2008-1153",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1153"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-104/advisory/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-107/advisory/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "28140",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28140"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-106/advisory/"
        },
        {
          "name": "29342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29342"
        },
        {
          "name": "27763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27763"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html"
        },
        {
          "name": "28209",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28209"
        },
        {
          "name": "ADV-2008-1156",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1156"
        },
        {
          "name": "20080414 Secunia Research: activePDF DocConverter Folio Flat File ParsingBuffer Overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490827/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
        },
        {
          "name": "28454",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28454"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-105/advisory/"
        },
        {
          "name": "20080414 Secunia Research: Autonomy Keyview Folio Flat File Parsing BufferOverflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490829/100/0/threaded"
        },
        {
          "name": "28210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28210"
        },
        {
          "name": "20080414 Secunia Research: Symantec Mail Security Folio Flat File ParsingBuffer Overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490830/100/0/threaded"
        },
        {
          "name": "20080414 Secunia Research: Lotus Notes Folio Flat File Parsing BufferOverflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490831/100/0/threaded"
        },
        {
          "name": "autonomy-keyview-foliosr-bo(41716)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41716"
        },
        {
          "name": "ADV-2008-1154",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1154"
        },
        {
          "name": "1019841",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019841"
        },
        {
          "name": "1019805",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019805"
        },
        {
          "name": "ADV-2008-1153",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1153"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-104/advisory/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-107/advisory/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2007-6020",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28140",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28140"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-106/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-106/advisory/"
            },
            {
              "name": "29342",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29342"
            },
            {
              "name": "27763",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27763"
            },
            {
              "name": "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html"
            },
            {
              "name": "28209",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28209"
            },
            {
              "name": "ADV-2008-1156",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1156"
            },
            {
              "name": "20080414 Secunia Research: activePDF DocConverter Folio Flat File ParsingBuffer Overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490827/100/0/threaded"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
            },
            {
              "name": "28454",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28454"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-105/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-105/advisory/"
            },
            {
              "name": "20080414 Secunia Research: Autonomy Keyview Folio Flat File Parsing BufferOverflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490829/100/0/threaded"
            },
            {
              "name": "28210",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28210"
            },
            {
              "name": "20080414 Secunia Research: Symantec Mail Security Folio Flat File ParsingBuffer Overflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490830/100/0/threaded"
            },
            {
              "name": "20080414 Secunia Research: Lotus Notes Folio Flat File Parsing BufferOverflows",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490831/100/0/threaded"
            },
            {
              "name": "autonomy-keyview-foliosr-bo(41716)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41716"
            },
            {
              "name": "ADV-2008-1154",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1154"
            },
            {
              "name": "1019841",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019841"
            },
            {
              "name": "1019805",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019805"
            },
            {
              "name": "ADV-2008-1153",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1153"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-104/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-104/advisory/"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-107/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-107/advisory/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2007-6020",
    "datePublished": "2008-04-10T18:00:00",
    "dateReserved": "2007-11-19T00:00:00",
    "dateUpdated": "2024-08-07T15:54:26.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5405 (GCVE-0-2007-5405)

Vulnerability from cvelistv5

Published

2008-04-10 18:00

Modified

2024-08-07 15:31

Severity ?

CWE

n/a

Summary

Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag.

References

►

URL

Tags

	http://secunia.com/advisories/28140	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/29342	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/secunia_research/2007-97/advisory/	x_refsource_MISC
	http://secunia.com/advisories/27763	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/41721	vdb-entry, x_refsource_XF
	http://www.symantec.com/avcenter/security/Content/2008.04.08e.html	x_refsource_CONFIRM
	http://secunia.com/advisories/28209	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/490838/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/secunia_research/2007-96/advisory/	x_refsource_MISC
	http://www.vupen.com/english/advisories/2008/1156	vdb-entry, x_refsource_VUPEN
	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/28454	vdb-entry, x_refsource_BID
	http://secunia.com/secunia_research/2007-95/advisory/	x_refsource_MISC
	http://secunia.com/advisories/28210	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1019844	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/490825/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2008/1154	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/archive/1/490837/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/secunia_research/2007-98/advisory/	x_refsource_MISC
	http://www.securityfocus.com/archive/1/490839/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://securitytracker.com/id?1019805	vdb-entry, x_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2008/1153	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:58.216Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28140",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28140"
          },
          {
            "name": "29342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29342"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-97/advisory/"
          },
          {
            "name": "27763",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27763"
          },
          {
            "name": "autonomy-keyview-applix-multiple-bo(41721)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41721"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html"
          },
          {
            "name": "28209",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28209"
          },
          {
            "name": "20080414 Secunia Research: Symantec Mail Security Applix Graphics ParsingVulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490838/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-96/advisory/"
          },
          {
            "name": "ADV-2008-1156",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1156"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
          },
          {
            "name": "28454",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28454"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-95/advisory/"
          },
          {
            "name": "28210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28210"
          },
          {
            "name": "1019844",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019844"
          },
          {
            "name": "20080414 Secunia Research: Lotus Notes Applix Graphics ParsingVulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490825/100/0/threaded"
          },
          {
            "name": "ADV-2008-1154",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1154"
          },
          {
            "name": "20080414 Secunia Research: Autonomy Keyview Applix Graphics ParsingVulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490837/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-98/advisory/"
          },
          {
            "name": "20080414 Secunia Research: activePDF DocConverter Applix Graphics ParsingVulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490839/100/0/threaded"
          },
          {
            "name": "1019805",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019805"
          },
          {
            "name": "ADV-2008-1153",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1153"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "28140",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28140"
        },
        {
          "name": "29342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29342"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-97/advisory/"
        },
        {
          "name": "27763",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27763"
        },
        {
          "name": "autonomy-keyview-applix-multiple-bo(41721)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41721"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html"
        },
        {
          "name": "28209",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28209"
        },
        {
          "name": "20080414 Secunia Research: Symantec Mail Security Applix Graphics ParsingVulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490838/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-96/advisory/"
        },
        {
          "name": "ADV-2008-1156",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1156"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
        },
        {
          "name": "28454",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28454"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-95/advisory/"
        },
        {
          "name": "28210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28210"
        },
        {
          "name": "1019844",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019844"
        },
        {
          "name": "20080414 Secunia Research: Lotus Notes Applix Graphics ParsingVulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490825/100/0/threaded"
        },
        {
          "name": "ADV-2008-1154",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1154"
        },
        {
          "name": "20080414 Secunia Research: Autonomy Keyview Applix Graphics ParsingVulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490837/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-98/advisory/"
        },
        {
          "name": "20080414 Secunia Research: activePDF DocConverter Applix Graphics ParsingVulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490839/100/0/threaded"
        },
        {
          "name": "1019805",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019805"
        },
        {
          "name": "ADV-2008-1153",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1153"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2007-5405",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28140",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28140"
            },
            {
              "name": "29342",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29342"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-97/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-97/advisory/"
            },
            {
              "name": "27763",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27763"
            },
            {
              "name": "autonomy-keyview-applix-multiple-bo(41721)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41721"
            },
            {
              "name": "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html"
            },
            {
              "name": "28209",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28209"
            },
            {
              "name": "20080414 Secunia Research: Symantec Mail Security Applix Graphics ParsingVulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490838/100/0/threaded"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-96/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-96/advisory/"
            },
            {
              "name": "ADV-2008-1156",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1156"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
            },
            {
              "name": "28454",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28454"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-95/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-95/advisory/"
            },
            {
              "name": "28210",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28210"
            },
            {
              "name": "1019844",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019844"
            },
            {
              "name": "20080414 Secunia Research: Lotus Notes Applix Graphics ParsingVulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490825/100/0/threaded"
            },
            {
              "name": "ADV-2008-1154",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1154"
            },
            {
              "name": "20080414 Secunia Research: Autonomy Keyview Applix Graphics ParsingVulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490837/100/0/threaded"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-98/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-98/advisory/"
            },
            {
              "name": "20080414 Secunia Research: activePDF DocConverter Applix Graphics ParsingVulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490839/100/0/threaded"
            },
            {
              "name": "1019805",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019805"
            },
            {
              "name": "ADV-2008-1153",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1153"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2007-5405",
    "datePublished": "2008-04-10T18:00:00",
    "dateReserved": "2007-10-12T00:00:00",
    "dateUpdated": "2024-08-07T15:31:58.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd

Published

2008-04-10 18:05

Modified

2025-04-09 00:30

Severity ?

Summary

Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag.

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/27763	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28140	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28209	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28210	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/29342	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-95/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-96/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-97/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-98/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://securitytracker.com/id?1019805
PSIRT-CNA@flexerasoftware.com	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490825/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490837/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490838/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490839/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/bid/28454
PSIRT-CNA@flexerasoftware.com	http://www.securitytracker.com/id?1019844
PSIRT-CNA@flexerasoftware.com	http://www.symantec.com/avcenter/security/Content/2008.04.08e.html
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1153
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1154
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1156
PSIRT-CNA@flexerasoftware.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/41721
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27763	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28140	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28209	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28210	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29342	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-95/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-96/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-97/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-98/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019805
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490825/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490837/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490838/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490839/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28454
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019844
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/avcenter/security/Content/2008.04.08e.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1153
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1154
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1156
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41721

Impacted products

Vendor	Product	Version
activepdf	docconverter	3.8.2_.5
activepdf	docconverter	3.8.4.0
autonomy	keyview	2.0.0.2
autonomy	keyview	10.3.0.0
ibm	lotus_notes	6.0
ibm	lotus_notes	6.5
ibm	lotus_notes	7.0
ibm	lotus_notes	7.0.2
ibm	lotus_notes	7.0.3
symantec	mail_security	5.0
symantec	mail_security	5.0.0
symantec	mail_security	5.0.1
symantec	mail_security	7.5
symantec	mail_security_appliance	5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:activepdf:docconverter:3.8.2_.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D165E31-F294-4F7E-959F-7AFE69AF90A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:activepdf:docconverter:3.8.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4286B71-18BA-4BC0-9E2C-6D00A24974E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:autonomy:keyview:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6634684-2416-4A5C-A5C7-B1E946B33419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:autonomy:keyview:10.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D3BC2-ED1F-4C5B-8F94-67AE1909580D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E234AD1-7202-421E-82C8-880E84876021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3449A490-865A-4262-8482-429DEF455644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F01C5CFC-7FB8-4D29-95AC-8EF59B0C170D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0:*:microsoft_exchange:*:*:*:*:*",
              "matchCriteriaId": "9608BF57-0D9A-4874-BFDA-C92447FACD70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*",
              "matchCriteriaId": "5E7788BD-652E-4306-AED0-6AE7F9A07836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*",
              "matchCriteriaId": "A8430D5E-A8A7-4724-8A6B-B5E2CA437729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:7.5:*:domino:*:*:*:*:*",
              "matchCriteriaId": "7D29BE63-3E26-4136-BAB1-AA3D50BA71F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security_appliance:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA92128-13DD-47D8-8822-23C4CDDFB715",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer  en kpagrdr.dll 2.0.0.2 y 10.3.0.0 en el lector  Applix Presents de Autonomy (anteriormente Verity) KeyView,usado por IBM Lotus Notes, Symantec Mail Security, y activePDF DocConverter, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo .ag con (1)un atributo ENCODING largo en la etiqueta *BEGIN, (2) un token largo, o (3) la etiqueta inicial *BEGIN."
    }
  ],
  "id": "CVE-2007-5405",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-10T18:05:00.000",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27763"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28140"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28209"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28210"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29342"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-95/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-96/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-97/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-98/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://securitytracker.com/id?1019805"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490825/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490837/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490838/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490839/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/28454"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securitytracker.com/id?1019844"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1153"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1154"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1156"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-95/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-96/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-97/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-98/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490825/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490837/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490838/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490839/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41721"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-04-10 18:05

Modified

2025-04-09 00:30

Severity ?

Summary

Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28140	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28209	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28210	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2008-3/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490828/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/bid/28454
PSIRT-CNA@flexerasoftware.com	http://www.securitytracker.com/id?1019843
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1153
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1156
PSIRT-CNA@flexerasoftware.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/41724
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28140	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28209	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28210	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2008-3/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490828/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28454
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019843
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1153
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1156
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41724

Impacted products

Vendor	Product	Version
autonomy	keyview	*
ibm	lotus_notes	7.0.2
ibm	lotus_notes	7.0.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autonomy:keyview:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A31DE25-F7B5-4AEA-B870-2B852F4FD8A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3449A490-865A-4262-8482-429DEF455644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F01C5CFC-7FB8-4D29-95AC-8EF59B0C170D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) \"large chunks of data,\" or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en htmsr.dll en el lector r\u00e1pido HTML de Autonomy (anteriormente Verity) KeyView, usado por IBM Lotus Notes 7.0.2 and 7.0.3, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s un documento HTML con (1)\"large chunks of data,\" (grandes cadenas/trozos de datos) o una URL larga en (2)  el atributo BACKGROUND del elemento BODY (3) o a trav\u00e9s del atributo SRC de una etiqueta IMG."
    }
  ],
  "id": "CVE-2008-0066",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-10T18:05:00.000",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28140"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28209"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28210"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2008-3/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490828/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/28454"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securitytracker.com/id?1019843"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1153"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1156"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2008-3/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490828/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41724"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-04-10 18:05

Modified

2025-04-09 00:30

Severity ?

Summary

Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file.

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/27763	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28140	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28209	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28210	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/29342	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-104/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-105/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-106/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-107/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://securitytracker.com/id?1019805
PSIRT-CNA@flexerasoftware.com	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490827/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490829/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490830/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490831/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/bid/28454
PSIRT-CNA@flexerasoftware.com	http://www.securitytracker.com/id?1019841
PSIRT-CNA@flexerasoftware.com	http://www.symantec.com/avcenter/security/Content/2008.04.08e.html
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1153
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1154
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1156
PSIRT-CNA@flexerasoftware.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/41716
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27763	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28140	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28209	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28210	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29342	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-104/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-105/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-106/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-107/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019805
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490827/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490829/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490830/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490831/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28454
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019841
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/avcenter/security/Content/2008.04.08e.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1153
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1154
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1156
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41716

Impacted products

Vendor	Product	Version
activepdf	docconverter	3.8.4.0
autonomy	keyview	2.0.0.2
autonomy	keyview	10.3.0.0
ibm	lotus_notes	6.0
ibm	lotus_notes	6.5
ibm	lotus_notes	7.0
ibm	lotus_notes	7.0.2
ibm	lotus_notes	7.0.3
symantec	mail_security	5.0
symantec	mail_security	5.0.0
symantec	mail_security	5.0.1
symantec	mail_security	7.5
symantec	mail_security_appliance	5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:activepdf:docconverter:3.8.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4286B71-18BA-4BC0-9E2C-6D00A24974E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:autonomy:keyview:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6634684-2416-4A5C-A5C7-B1E946B33419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:autonomy:keyview:10.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D3BC2-ED1F-4C5B-8F94-67AE1909580D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E234AD1-7202-421E-82C8-880E84876021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3449A490-865A-4262-8482-429DEF455644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F01C5CFC-7FB8-4D29-95AC-8EF59B0C170D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0:*:microsoft_exchange:*:*:*:*:*",
              "matchCriteriaId": "9608BF57-0D9A-4874-BFDA-C92447FACD70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*",
              "matchCriteriaId": "5E7788BD-652E-4306-AED0-6AE7F9A07836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*",
              "matchCriteriaId": "A8430D5E-A8A7-4724-8A6B-B5E2CA437729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:7.5:*:domino:*:*:*:*:*",
              "matchCriteriaId": "7D29BE63-3E26-4136-BAB1-AA3D50BA71F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security_appliance:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA92128-13DD-47D8-8822-23C4CDDFB715",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila en foliosr.dll en el lector r\u00e1pido Folio Flat File de Autonomy (anteriormente Verity) KeyView 10.3.0.0, usado por IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, permiten a atacentes remotos ejecutar c\u00f3digo de su elecci\u00f3na trav\u00e9s de un valor largo en los atributos de las etiquetas (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS en un fichero .fff."
    }
  ],
  "id": "CVE-2007-6020",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-10T18:05:00.000",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27763"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28140"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28209"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28210"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29342"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-104/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-105/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-106/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-107/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://securitytracker.com/id?1019805"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490827/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490829/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490830/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490831/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/28454"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securitytracker.com/id?1019841"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1153"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1154"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1156"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-104/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-105/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-106/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-107/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490827/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490829/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490830/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490831/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.symantec.com/avcenter/security/Content/2008.04.08e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41716"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-04-10 18:05

Modified

2025-04-09 00:30

Severity ?

Summary

Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename.

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28209	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28210	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-91/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-92/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490832/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490833/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/bid/28454
PSIRT-CNA@flexerasoftware.com	http://www.securitytracker.com/id?1019842
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1153
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1156
PSIRT-CNA@flexerasoftware.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/41723
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28209	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28210	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-91/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-92/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490832/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490833/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28454
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019842
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1153
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1156
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41723

Impacted products

Vendor	Product	Version
autonomy	keyview	10.3.0.0
ibm	lotus_notes	6.0
ibm	lotus_notes	6.5
ibm	lotus_notes	7.0
ibm	lotus_notes	7.0.2
ibm	lotus_notes	7.0.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autonomy:keyview:10.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D3BC2-ED1F-4C5B-8F94-67AE1909580D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E234AD1-7202-421E-82C8-880E84876021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3449A490-865A-4262-8482-429DEF455644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F01C5CFC-7FB8-4D29-95AC-8EF59B0C170D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en emlsd.dll en el lector EML en Autonomy (anteriormente Verity) KeyView 10.3.0.0, usado en IBM Lotus Notes, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un campo largo(1) To(para) , (2) Cc, (3) Bcc, (4) From (desde), (5) Date, (6) Subject (Asunto), (7) Priority, (8) Importance, or (9)cabecera X-MSMail-Priority; (10) una cadena larga al comiezo de un palabra en la cabecera codificada RFC2047; (11)un texto largo al comienzo de un palabra en la cabecera codificada RFC2047; o (12) una cabecera de Subject(Asunto) larga, relacionada con la creaci\u00f3n de un fichero asociado."
    }
  ],
  "id": "CVE-2007-5399",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-10T18:05:00.000",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28209"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28210"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-91/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-92/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490832/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490833/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/28454"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securitytracker.com/id?1019842"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1153"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1156"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-91/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-92/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490832/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490833/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019842"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41723"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2009-09-01 16:30

Modified

2025-04-09 00:30

Severity ?

Summary

Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/36472	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/36474	Vendor Advisory
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=swg21396492	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/36042
cve@mitre.org	http://www.securityfocus.com/bid/36124
cve@mitre.org	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2389	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36472	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36474	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21396492	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36042
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36124
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2389	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	lotus_notes	5.0
ibm	lotus_notes	5.0.1
ibm	lotus_notes	5.0.2
ibm	lotus_notes	5.0.3
ibm	lotus_notes	5.0.4
ibm	lotus_notes	5.0.5
ibm	lotus_notes	5.0.6
ibm	lotus_notes	5.0.9a
ibm	lotus_notes	5.0.10
ibm	lotus_notes	5.0.11
ibm	lotus_notes	5.0.12
ibm	lotus_notes	5.02
ibm	lotus_notes	6.0
ibm	lotus_notes	6.0.1
ibm	lotus_notes	6.0.2
ibm	lotus_notes	6.0.3
ibm	lotus_notes	6.0.4
ibm	lotus_notes	6.0.5
ibm	lotus_notes	6.5
ibm	lotus_notes	6.5.1
ibm	lotus_notes	6.5.2
ibm	lotus_notes	6.5.3
ibm	lotus_notes	6.5.4
ibm	lotus_notes	6.5.5
ibm	lotus_notes	6.5.5
ibm	lotus_notes	6.5.5
ibm	lotus_notes	6.5.6
ibm	lotus_notes	6.5.6
ibm	lotus_notes	7.0
ibm	lotus_notes	7.0.0
ibm	lotus_notes	7.0.1
ibm	lotus_notes	7.0.2
ibm	lotus_notes	7.0.2
ibm	lotus_notes	7.0.3
ibm	lotus_notes	8.0
ibm	lotus_notes	8.0.0
ibm	lotus_notes	8.0.1
ibm	lotus_notes	8.5
symantec	brightmail_appliance	5.0
symantec	brightmail_appliance	8.0.0
symantec	brightmail_appliance	8.0.1
symantec	data_loss_prevention_detection_servers	7.2
symantec	data_loss_prevention_detection_servers	8.1.1
symantec	data_loss_prevention_detection_servers	8.1.1
symantec	data_loss_prevention_detection_servers	9.0.1
symantec	data_loss_prevention_detection_servers	9.0.1
symantec	data_loss_prevention_endpoint_agents	8.1.1
symantec	data_loss_prevention_endpoint_agents	9.0.1
symantec	mail_security	5.0
symantec	mail_security	5.0.0
symantec	mail_security	5.0.1
symantec	mail_security	5.0.1.181
symantec	mail_security	5.0.1.182
symantec	mail_security	5.0.1.189
symantec	mail_security	5.0.1.200
symantec	mail_security	5.0.10
symantec	mail_security	5.0.11
symantec	mail_security	5.0.12
symantec	mail_security	6.0.6
symantec	mail_security	6.0.7
symantec	mail_security	6.0.8
symantec	mail_security	7.5.3.25
symantec	mail_security	7.5.4.29
symantec	mail_security	7.5.5.32
symantec	mail_security	7.5.6
symantec	mail_security	8.0
symantec	mail_security_appliance	5.0
symantec	mail_security_appliance	5.0.0.24
symantec	mail_security_appliance	5.0.0.36
autonomy	keyview	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D5D749-546A-4655-A0BF-0A2D4E9F51A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C43E91B-492D-42E0-9C59-3DA83AF7367B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C944AEC-18C2-487E-8E0F-EC525D21EDF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4B2601-B62F-4235-BFFD-281235737450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA83054E-5E6B-48A4-8799-5C8507BFEB68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7DEAC0E-C59B-42DB-BB81-E34C9F843486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8809E947-43E1-4D92-A5A5-63FEDBF12318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.9a:*:*:*:*:*:*:*",
              "matchCriteriaId": "780C6EC1-11FD-458C-B59F-11668BA1E466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A7F5626-EB8B-4339-9EB5-C23962DAC95A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB071DF-5C48-4FE8-8DCC-68582A3C1EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "273DF27B-9441-4925-BD7E-5709D7D059EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD51B7AD-1523-4BF4-8DFF-54D5F9A0E66A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E234AD1-7202-421E-82C8-880E84876021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D037CC-1207-48E2-882E-8B236EE7138F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5059BEF2-84EB-4B5F-84F5-9E3200B068F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB71B7AA-957B-46A6-9BC9-CE23EC721189",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "46CF28C0-51AD-4783-B1F0-205DF64D133A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C0015A2-A70E-4B0C-B59A-44F5F611293D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D94927A9-61FD-459F-9A6D-E581A4AF505C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3B32BA2-9EB7-4294-A857-226A5B1CC401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF64CA16-6C20-42E1-BA68-BD63A873BFA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D7DD7B-CA90-44A5-9B7B-4A4985150689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C63D40DF-C6F3-4502-9816-939265F10532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5:*:fp2:*:*:*:*:*",
              "matchCriteriaId": "F8B5BF9A-F8A7-4C2B-B093-8226D0ED1425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5:*:fp3:*:*:*:*:*",
              "matchCriteriaId": "04CB50C2-2B01-4A68-BE96-1127B9954F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4598C4A8-B19D-4562-A5B5-D3B090F0C8D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.6:*:fp2:*:*:*:*:*",
              "matchCriteriaId": "66D334E1-9326-4D0A-8D87-572F3E6B44BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "957BA698-9D48-4906-9FF3-584927C978B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646433-DE15-4214-9C78-7D1DAB5A12D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3449A490-865A-4262-8482-429DEF455644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2:*:fp1:*:*:*:*:*",
              "matchCriteriaId": "5614CD60-7690-47E6-AEB3-FB0151EB264C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F01C5CFC-7FB8-4D29-95AC-8EF59B0C170D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "692E295E-E650-42D5-AF7A-D6276C3D76E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E25625-8570-4744-A2A2-4A4FB4D8AC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50660BA1-A24A-4DBF-AB59-1CF04FA54120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0119A252-73B1-490F-9371-06E8FDB8B979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:brightmail_appliance:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF63CB53-00F5-42F5-B2AC-A0B02DB9B636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:brightmail_appliance:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AA56769-FBFE-4546-8672-5FB3BADF939F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:brightmail_appliance:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E09688-A7FA-496B-AA03-D211BF09FA23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:data_loss_prevention_detection_servers:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34D947D4-2750-4C73-8CEA-6F9BF3DA5C0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1.1:*:linux:*:*:*:*:*",
              "matchCriteriaId": "D804B423-8990-497F-9FB8-86E3D06F4F70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "6A13CD3B-0529-43E4-A4F8-96B5180B0DA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:data_loss_prevention_detection_servers:9.0.1:*:linux:*:*:*:*:*",
              "matchCriteriaId": "5D92BC1D-E75F-420E-A2DB-DBFC07508A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:data_loss_prevention_detection_servers:9.0.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "ED4D0804-7AE2-45D6-AAD5-F70C14354BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14920820-3D26-4AC4-839E-531ABA6933A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA274AFE-D535-4683-964A-FBCBF2D1291E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0:*:smtp:*:*:*:*:*",
              "matchCriteriaId": "96E660E2-C0F9-499F-A01D-DB368179F28F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*",
              "matchCriteriaId": "5E7788BD-652E-4306-AED0-6AE7F9A07836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*",
              "matchCriteriaId": "A8430D5E-A8A7-4724-8A6B-B5E2CA437729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.1.181:*:smtp:*:*:*:*:*",
              "matchCriteriaId": "D602A441-863D-4E90-A01D-57C41725D008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.1.182:*:smtp:*:*:*:*:*",
              "matchCriteriaId": "A792A9C1-95EF-4CE2-B14F-3DEE09BFAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.1.189:*:smtp:*:*:*:*:*",
              "matchCriteriaId": "5D9C7B86-7F9A-4DF8-A4DF-9A7CA5991D91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.1.200:*:smtp:*:*:*:*:*",
              "matchCriteriaId": "0117D61C-DEE6-4803-9CF8-27EEBAA493CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.10:*:microsoft_exchange:*:*:*:*:*",
              "matchCriteriaId": "5BF163AF-E470-492A-940C-B2FB37AA2322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.11:*:microsoft_exchange:*:*:*:*:*",
              "matchCriteriaId": "95D5B1CF-6C20-4D66-9D30-631441FA953B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.12:*:microsoft_exchange:*:*:*:*:*",
              "matchCriteriaId": "868EFAF0-F5FA-46EB-99CC-19C1DAF06954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:6.0.6:*:microsoft_exchange:*:*:*:*:*",
              "matchCriteriaId": "0026CDBB-92E2-45DE-9637-F18224CE3E6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:6.0.7:*:microsoft_exchange:*:*:*:*:*",
              "matchCriteriaId": "12AC5934-DAC3-4866-B31F-71EC14F42CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:6.0.8:*:microsoft_exchange:*:*:*:*:*",
              "matchCriteriaId": "A7604B25-6AA0-4814-A8D4-780811A247B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:7.5.3.25:*:domino:*:*:*:*:*",
              "matchCriteriaId": "07FADB30-A418-43C5-A798-4769C5350E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:7.5.4.29:*:domino:*:*:*:*:*",
              "matchCriteriaId": "6EAB0E10-A62F-42DB-BA86-FBFCFCF0E13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:7.5.5.32:*:domino:*:*:*:*:*",
              "matchCriteriaId": "70F1A708-9914-4875-B594-D8A9D65182D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:7.5.6:*:domino:*:*:*:*:*",
              "matchCriteriaId": "5D04308D-D372-4760-B67F-A25DEEDF52E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:8.0:*:domino:*:*:*:*:*",
              "matchCriteriaId": "2ABC5ED9-168A-4420-9286-179345BD89DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security_appliance:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA92128-13DD-47D8-8822-23C4CDDFB715",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security_appliance:5.0.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B00BFCE1-D01F-408C-931B-A19BC472124B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security_appliance:5.0.0.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A5F6573-0FF1-4660-A9B9-5C6696525C82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autonomy:keyview:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A31DE25-F7B5-4AEA-B870-2B852F4FD8A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en xlssr.dll en Autonomy KeyView XLS viewer(tambi\u00e9n conocido como File Viewer para Excel)usado en IBM Lotus Notes v5.x hasta v8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), y otros productos, permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de una manipulaci\u00f3n de la hoja de c\u00e1lculo .xls adjunta."
    }
  ],
  "id": "CVE-2009-3037",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-09-01T16:30:00.767",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36472"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36474"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396492"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36042"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36124"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090825_00"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36474"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396492"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090825_00"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2389"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-04-10 18:05

Modified

2025-04-09 00:30

Severity ?

Summary

kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file.

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/27763	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28140	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28209	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28210	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/29342	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-95/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-96/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-97/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-98/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://securitytracker.com/id?1019805
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490825/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490837/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490838/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490839/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/bid/28454
PSIRT-CNA@flexerasoftware.com	http://www.securitytracker.com/id?1019844
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1153
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1154
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1156
PSIRT-CNA@flexerasoftware.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/41722
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27763	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28140	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28209	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28210	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29342	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-95/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-96/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-97/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-98/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019805
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490825/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490837/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490838/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490839/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28454
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019844
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1153
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1154
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1156
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41722

Impacted products

Vendor	Product	Version
ibm	lotus_notes	6.0
ibm	lotus_notes	6.5
ibm	lotus_notes	7.0
ibm	lotus_notes	8.0
ibm	lotus_notes	8.0.1
symantec	mail_security	*
symantec	mail_security	5.0
symantec	mail_security	5.0
symantec	mail_security	5.0.0
symantec	mail_security	5.0.1
autonomy	keyview	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E234AD1-7202-421E-82C8-880E84876021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "692E295E-E650-42D5-AF7A-D6276C3D76E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50660BA1-A24A-4DBF-AB59-1CF04FA54120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:*:*:domino:*:*:*:*:*",
              "matchCriteriaId": "6D9CF359-CBCB-4EA2-B189-3CF01CE694D0",
              "versionEndIncluding": "7.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C3D6178-9D83-44C7-8EBB-50CDB68CB5EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0:*:microsoft_exchange:*:*:*:*:*",
              "matchCriteriaId": "9608BF57-0D9A-4874-BFDA-C92447FACD70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*",
              "matchCriteriaId": "5E7788BD-652E-4306-AED0-6AE7F9A07836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*",
              "matchCriteriaId": "A8430D5E-A8A7-4724-8A6B-B5E2CA437729",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autonomy:keyview:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A31DE25-F7B5-4AEA-B870-2B852F4FD8A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file."
    },
    {
      "lang": "es",
      "value": "kpagrdr.dll 2.0.0.2 y 10.3.0.0 en el lector  Applix Presents de Autonomy (anteriormente Verity) KeyView, usado por IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, no parsea adecuadamente los token largos, lo que permite a atacantes remotos  provocar una denegaci\u00f3n de servicio (consumo de memoria y CPU) a trav\u00e9s de un fichero .ag manipulado."
    }
  ],
  "evaluatorComment": "IBM description: http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453\r\n\r\nSymantec description:\r\nhttp://www.symantec.com/avcenter/security/Content/2008.04.08e.html",
  "id": "CVE-2007-5406",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-10T18:05:00.000",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27763"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28140"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28209"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28210"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29342"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-95/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-96/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-97/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-98/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://securitytracker.com/id?1019805"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490825/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490837/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490838/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490839/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/28454"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securitytracker.com/id?1019844"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1153"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1154"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1156"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-95/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-96/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-97/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-98/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490825/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490837/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490838/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490839/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41722"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-05-31 20:55

Modified

2025-04-11 00:51

Severity ?

Summary

Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/44624	Vendor Advisory
cve@mitre.org	http://www.ibm.com/support/docview.wss?uid=swg21500034
cve@mitre.org	http://www.securityfocus.com/bid/47962
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/67625
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14238
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44624	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21500034
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47962
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67625
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14238

Impacted products

Vendor	Product	Version
autonomy	keyview	*
ibm	lotus_notes	*
ibm	lotus_notes	3.0
ibm	lotus_notes	3.0.0.1
ibm	lotus_notes	3.0.0.2
ibm	lotus_notes	4.2
ibm	lotus_notes	4.2.1
ibm	lotus_notes	4.2.2
ibm	lotus_notes	4.5
ibm	lotus_notes	4.6
ibm	lotus_notes	4.6.7a
ibm	lotus_notes	4.6.7h
ibm	lotus_notes	5.0
ibm	lotus_notes	5.0.1
ibm	lotus_notes	5.0.1.02
ibm	lotus_notes	5.0.1a
ibm	lotus_notes	5.0.1b
ibm	lotus_notes	5.0.1c
ibm	lotus_notes	5.0.2
ibm	lotus_notes	5.0.2a
ibm	lotus_notes	5.0.2b
ibm	lotus_notes	5.0.2c
ibm	lotus_notes	5.0.3
ibm	lotus_notes	5.0.4
ibm	lotus_notes	5.0.4a
ibm	lotus_notes	5.0.5
ibm	lotus_notes	5.0.5.01
ibm	lotus_notes	5.0.5.02
ibm	lotus_notes	5.0.6
ibm	lotus_notes	5.0.6a
ibm	lotus_notes	5.0.6a.01
ibm	lotus_notes	5.0.7
ibm	lotus_notes	5.0.7a
ibm	lotus_notes	5.0.8
ibm	lotus_notes	5.0.9
ibm	lotus_notes	5.0.9a
ibm	lotus_notes	5.0.10
ibm	lotus_notes	5.0.11
ibm	lotus_notes	5.0.12
ibm	lotus_notes	5.0a
ibm	lotus_notes	5.02
ibm	lotus_notes	6.0
ibm	lotus_notes	6.0.1
ibm	lotus_notes	6.0.1
ibm	lotus_notes	6.0.1
ibm	lotus_notes	6.0.1
ibm	lotus_notes	6.0.2
ibm	lotus_notes	6.0.2
ibm	lotus_notes	6.0.2
ibm	lotus_notes	6.0.2.2
ibm	lotus_notes	6.0.3
ibm	lotus_notes	6.0.4
ibm	lotus_notes	6.0.5
ibm	lotus_notes	6.5
ibm	lotus_notes	6.5.1
ibm	lotus_notes	6.5.2
ibm	lotus_notes	6.5.3
ibm	lotus_notes	6.5.3.1
ibm	lotus_notes	6.5.4
ibm	lotus_notes	6.5.4.1
ibm	lotus_notes	6.5.4.2
ibm	lotus_notes	6.5.4.3
ibm	lotus_notes	6.5.5
ibm	lotus_notes	6.5.5.1
ibm	lotus_notes	6.5.5.2
ibm	lotus_notes	6.5.5.3
ibm	lotus_notes	6.5.6
ibm	lotus_notes	6.5.6.1
ibm	lotus_notes	6.5.6.2
ibm	lotus_notes	6.5.6.3
ibm	lotus_notes	7.0
ibm	lotus_notes	7.0.0
ibm	lotus_notes	7.0.1
ibm	lotus_notes	7.0.1.1
ibm	lotus_notes	7.0.2
ibm	lotus_notes	7.0.2.1
ibm	lotus_notes	7.0.2.2
ibm	lotus_notes	7.0.2.3
ibm	lotus_notes	7.0.3
ibm	lotus_notes	7.0.3.1
ibm	lotus_notes	7.0.4
ibm	lotus_notes	7.0.4.0
ibm	lotus_notes	7.0.4.1
ibm	lotus_notes	7.0.4.2
ibm	lotus_notes	8.0
ibm	lotus_notes	8.0.0
ibm	lotus_notes	8.0.1
ibm	lotus_notes	8.0.2
ibm	lotus_notes	8.0.2.0
ibm	lotus_notes	8.0.2.1
ibm	lotus_notes	8.0.2.2
ibm	lotus_notes	8.0.2.3
ibm	lotus_notes	8.0.2.4
ibm	lotus_notes	8.0.2.5
ibm	lotus_notes	8.0.2.6
ibm	lotus_notes	8.5
ibm	lotus_notes	8.5.0.0
ibm	lotus_notes	8.5.0.1
ibm	lotus_notes	8.5.1
ibm	lotus_notes	8.5.1.0
ibm	lotus_notes	8.5.1.1
ibm	lotus_notes	8.5.1.2
ibm	lotus_notes	8.5.1.3
ibm	lotus_notes	8.5.1.4
ibm	lotus_notes	8.5.1.5
ibm	lotus_notes	8.5.2.0
ibm	lotus_notes	8.5.2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autonomy:keyview:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A31DE25-F7B5-4AEA-B870-2B852F4FD8A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F06E9E8E-9A82-4665-A848-5E0BAD141A1C",
              "versionEndIncluding": "8.5.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "024E3378-AB78-41CE-8BE3-CB26F0FCC6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D68592-A475-4D35-8A8F-5A4EEDA5A1A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:3.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9727C084-8043-43D7-9BF3-1D49BBA33772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9409A77C-1927-4C1C-945A-10F8CD8DB287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE08605F-643F-4562-934E-CA46DF3CE57C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE78A5CE-28D9-47AB-9831-F4C0F0843EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8376F4C1-44AE-42A8-A087-E3845FD2A0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A697B26-0600-416A-B0FA-BE031EB6D8A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:4.6.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "2851AFEE-2598-4CDC-A1B3-D119A647F4B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:4.6.7h:*:*:*:*:*:*:*",
              "matchCriteriaId": "B730F1C4-2A7C-4305-BEA1-4BA1F1B1F955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D5D749-546A-4655-A0BF-0A2D4E9F51A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C43E91B-492D-42E0-9C59-3DA83AF7367B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.1.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "7987940E-0F70-4C0F-AB8D-A52934B33777",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBEDCC0A-FCA0-45C2-B202-BF9F90739893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25DD7B4-A33F-4810-84C1-D8C57D044769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "924FC755-DF96-4E83-92DB-BD3877E226A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C944AEC-18C2-487E-8E0F-EC525D21EDF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8EC2158-C008-4AD0-85A5-6B4A210A7752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F3715F6-F157-4BF2-80C3-DC5366C0F5DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.2c:*:*:*:*:*:*:*",
              "matchCriteriaId": "89111665-4C64-46A5-955D-DB5A2A73E6BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4B2601-B62F-4235-BFFD-281235737450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA83054E-5E6B-48A4-8799-5C8507BFEB68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "77636603-5AEA-475A-9BB7-3C38198A0327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7DEAC0E-C59B-42DB-BB81-E34C9F843486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF14DAF5-D52A-4B59-B67A-7878C2A8431D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "8001558A-B47D-420C-9275-979A06D03572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8809E947-43E1-4D92-A5A5-63FEDBF12318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE790A9-912C-444C-B4B0-BEB212DC4B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.6a.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "2171E8CD-F42A-41A9-A03D-74BE1DF9040F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "21212C5E-A5AB-4080-84A3-603F0425D4CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F21BD9-A01D-4D3C-831F-80A966F7CF72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "32646B3D-C8C6-4325-8546-38A79EF3446A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "312EAEC3-1E31-48E1-8729-E7AF338F608D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.9a:*:*:*:*:*:*:*",
              "matchCriteriaId": "780C6EC1-11FD-458C-B59F-11668BA1E466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A7F5626-EB8B-4339-9EB5-C23962DAC95A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB071DF-5C48-4FE8-8DCC-68582A3C1EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "273DF27B-9441-4925-BD7E-5709D7D059EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "46196D69-B5FE-49ED-8032-54B4470487EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD51B7AD-1523-4BF4-8DFF-54D5F9A0E66A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E234AD1-7202-421E-82C8-880E84876021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D037CC-1207-48E2-882E-8B236EE7138F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.1:cf1:*:*:*:*:*:*",
              "matchCriteriaId": "63ABBCF5-A164-458F-A8C6-75FC6CFE101B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.1:cf2:*:*:*:*:*:*",
              "matchCriteriaId": "A174D36F-A4F0-4FE0-AAD7-F57E93BB3805",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.1:cf3:*:*:*:*:*:*",
              "matchCriteriaId": "8EB4A3EA-DD4C-4E98-8E3A-487F0AE9AED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5059BEF2-84EB-4B5F-84F5-9E3200B068F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.2:cf1:*:*:*:*:*:*",
              "matchCriteriaId": "0CB2FAA8-176F-4AA2-ADFA-F4401C76BB15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.2:cf2:*:*:*:*:*:*",
              "matchCriteriaId": "FEEA994A-F8B6-4A0D-8FCD-ED63F83DDA18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82322774-CEB9-41FD-9319-AE0716EF28CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB71B7AA-957B-46A6-9BC9-CE23EC721189",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "46CF28C0-51AD-4783-B1F0-205DF64D133A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C0015A2-A70E-4B0C-B59A-44F5F611293D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D94927A9-61FD-459F-9A6D-E581A4AF505C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3B32BA2-9EB7-4294-A857-226A5B1CC401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF64CA16-6C20-42E1-BA68-BD63A873BFA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "34625785-9560-4496-9426-BBEE35F6E52C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D7DD7B-CA90-44A5-9B7B-4A4985150689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C60350-0731-477D-B280-24109509E7B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCF51F97-14D8-4AC6-B26E-AE9306EAF3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "006C226E-E9CA-4999-B6D4-5DBABF99A4B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C63D40DF-C6F3-4502-9816-939265F10532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9203EC38-2DFD-4259-B636-F9E38AE5AA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C6EF122-510F-4B6D-B2F3-DFD5E8FB76C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1581AEE3-F127-44D8-AA95-6408D9D919A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4598C4A8-B19D-4562-A5B5-D3B090F0C8D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAEF2C65-215E-4900-8054-BC35DFA0BDF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE1176C-39C3-4ED6-9689-4107B546F248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1E016DE-149E-41CD-856E-7B3EE8B0702C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "957BA698-9D48-4906-9FF3-584927C978B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646433-DE15-4214-9C78-7D1DAB5A12D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1AD22A1-A85C-4755-97CB-6B946E1DBE0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3449A490-865A-4262-8482-429DEF455644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "98AF1B57-680B-45E5-9991-83DDE4634EE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC128482-5AA3-43D9-AE5F-154E8485F699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2837D777-5C59-4335-A4BC-611397D1D1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F01C5CFC-7FB8-4D29-95AC-8EF59B0C170D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F5FB91-53EE-47BA-84B7-49CE9D83C8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9D74FC-8F26-4D1A-B02B-C4037FF8388A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6E0DFE2-22CA-40AE-8CDB-EF5EEE1E6F54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AD640D-BFDC-4E27-BF8B-4FE35DE87890",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB38591-F55A-48B2-AD52-FF266D19BB97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "692E295E-E650-42D5-AF7A-D6276C3D76E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E25625-8570-4744-A2A2-4A4FB4D8AC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50660BA1-A24A-4DBF-AB59-1CF04FA54120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5759CBCB-7B3F-462A-B51A-FD2C6B13CCE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A79FA5-83FB-4067-B2A6-17EAF3947998",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17815F4E-BB34-40D2-A3EE-3C7741940D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE79982-9E92-498A-B961-55CB1D2D104F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6814E3F-479C-4F56-BF66-C685E60CCA34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9EF5DE-4432-4099-AD59-CDD52E387BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1013797-0442-46A7-A94F-354388BA6B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC228A3-1878-4A9F-8664-F4DFF77BF74B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0119A252-73B1-490F-9371-06E8FDB8B979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D24791-E798-4B08-A051-E880DEFB8268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2758590C-67FD-4DD6-84C1-0D32264BBE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC083C-B25E-427F-B722-B5ABD4F072F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B0CF8A5-BC24-4204-BC06-2E1E2FB60E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA723DB-62C5-4C84-B0BA-5313FDA49D73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92F08B96-D43E-407E-839C-4C3C5BB58B2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E50C779-C780-45FB-BC77-B9717389D2EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "867779A4-A7A5-48AD-9AC0-C6476719A5EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B7B7544-D60C-4B9A-BC29-B30AD86EC9B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D475EF5-DBB3-4B98-BB07-83A2632B5E0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F797A209-65C0-4A20-9DA2-C5576C091DE2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en kvarcve.dll de Autonomy KeyView, como es utilizado en IBM Lotus Notes en versiones anteriores a la 8.5.2 FP3, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un adjunto .zip modificado. Tambi\u00e9n conocido como SPR PRAD8E3NSP. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceras partes."
    }
  ],
  "id": "CVE-2011-1218",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-05-31T20:55:02.140",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44624"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21500034"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/47962"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67625"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21500034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14238"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-04-10 18:05

Modified

2025-04-09 00:30

Severity ?

Summary

Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document.

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28140	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28209	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28210	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2008-12/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/490826/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/bid/28454
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1153
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1156
PSIRT-CNA@flexerasoftware.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/41725
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28140	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28209	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28210	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2008-12/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490826/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28454
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1153
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1156
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41725

Impacted products

Vendor	Product	Version
autonomy	keyview	2.0.0.2
autonomy	keyview	10.3.0.0
ibm	lotus_notes	6.0
ibm	lotus_notes	6.5
ibm	lotus_notes	7.0
ibm	lotus_notes	7.0.2
ibm	lotus_notes	7.0.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autonomy:keyview:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6634684-2416-4A5C-A5C7-B1E946B33419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:autonomy:keyview:10.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "589D3BC2-ED1F-4C5B-8F94-67AE1909580D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E234AD1-7202-421E-82C8-880E84876021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3449A490-865A-4262-8482-429DEF455644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F01C5CFC-7FB8-4D29-95AC-8EF59B0C170D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el motor del visor de documentos KeyView de Autonomy (anteriormente Verity) KeyView, usado por IBM Lotus Notes 7.0.2 y 7.0.3, permite a atacantes remotos  ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un nombre de ruta largo, como se ha demostrado usando un atributo SRC largo en una etiqueta IMG de un documento HTML."
    }
  ],
  "id": "CVE-2008-1101",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-10T18:05:00.000",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28140"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28209"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28210"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2008-12/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/490826/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/28454"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1153"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1156"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2008-12/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490826/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41725"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2011-05-31 20:55

Modified

2025-04-11 00:51

Severity ?

Summary

Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/44624	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/8263
cve@mitre.org	http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow	Exploit
cve@mitre.org	http://www.ibm.com/support/docview.wss?uid=swg21500034
cve@mitre.org	http://www.securityfocus.com/archive/1/518120/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/47962
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/67619
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44624	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8263
af854a3a-2127-422b-91ae-364da2661108	http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg21500034
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/518120/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47962
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/67619
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203

Impacted products

Vendor	Product	Version
autonomy	keyview	*
ibm	lotus_notes	*
ibm	lotus_notes	3.0
ibm	lotus_notes	3.0.0.1
ibm	lotus_notes	3.0.0.2
ibm	lotus_notes	4.2
ibm	lotus_notes	4.2.1
ibm	lotus_notes	4.2.2
ibm	lotus_notes	4.5
ibm	lotus_notes	4.6
ibm	lotus_notes	4.6.7a
ibm	lotus_notes	4.6.7h
ibm	lotus_notes	5.0
ibm	lotus_notes	5.0.1
ibm	lotus_notes	5.0.1.02
ibm	lotus_notes	5.0.1a
ibm	lotus_notes	5.0.1b
ibm	lotus_notes	5.0.1c
ibm	lotus_notes	5.0.2
ibm	lotus_notes	5.0.2a
ibm	lotus_notes	5.0.2b
ibm	lotus_notes	5.0.2c
ibm	lotus_notes	5.0.3
ibm	lotus_notes	5.0.4
ibm	lotus_notes	5.0.4a
ibm	lotus_notes	5.0.5
ibm	lotus_notes	5.0.5.01
ibm	lotus_notes	5.0.5.02
ibm	lotus_notes	5.0.6
ibm	lotus_notes	5.0.6a
ibm	lotus_notes	5.0.6a.01
ibm	lotus_notes	5.0.7
ibm	lotus_notes	5.0.7a
ibm	lotus_notes	5.0.8
ibm	lotus_notes	5.0.9
ibm	lotus_notes	5.0.9a
ibm	lotus_notes	5.0.10
ibm	lotus_notes	5.0.11
ibm	lotus_notes	5.0.12
ibm	lotus_notes	5.0a
ibm	lotus_notes	5.02
ibm	lotus_notes	6.0
ibm	lotus_notes	6.0.1
ibm	lotus_notes	6.0.1
ibm	lotus_notes	6.0.1
ibm	lotus_notes	6.0.1
ibm	lotus_notes	6.0.2
ibm	lotus_notes	6.0.2
ibm	lotus_notes	6.0.2
ibm	lotus_notes	6.0.2.2
ibm	lotus_notes	6.0.3
ibm	lotus_notes	6.0.4
ibm	lotus_notes	6.0.5
ibm	lotus_notes	6.5
ibm	lotus_notes	6.5.1
ibm	lotus_notes	6.5.2
ibm	lotus_notes	6.5.3
ibm	lotus_notes	6.5.3.1
ibm	lotus_notes	6.5.4
ibm	lotus_notes	6.5.4.1
ibm	lotus_notes	6.5.4.2
ibm	lotus_notes	6.5.4.3
ibm	lotus_notes	6.5.5
ibm	lotus_notes	6.5.5.1
ibm	lotus_notes	6.5.5.2
ibm	lotus_notes	6.5.5.3
ibm	lotus_notes	6.5.6
ibm	lotus_notes	6.5.6.1
ibm	lotus_notes	6.5.6.2
ibm	lotus_notes	6.5.6.3
ibm	lotus_notes	7.0
ibm	lotus_notes	7.0.0
ibm	lotus_notes	7.0.1
ibm	lotus_notes	7.0.1.1
ibm	lotus_notes	7.0.2
ibm	lotus_notes	7.0.2.1
ibm	lotus_notes	7.0.2.2
ibm	lotus_notes	7.0.2.3
ibm	lotus_notes	7.0.3
ibm	lotus_notes	7.0.3.1
ibm	lotus_notes	7.0.4
ibm	lotus_notes	7.0.4.0
ibm	lotus_notes	7.0.4.1
ibm	lotus_notes	7.0.4.2
ibm	lotus_notes	8.0
ibm	lotus_notes	8.0.0
ibm	lotus_notes	8.0.1
ibm	lotus_notes	8.0.2
ibm	lotus_notes	8.0.2.0
ibm	lotus_notes	8.0.2.1
ibm	lotus_notes	8.0.2.2
ibm	lotus_notes	8.0.2.3
ibm	lotus_notes	8.0.2.4
ibm	lotus_notes	8.0.2.5
ibm	lotus_notes	8.0.2.6
ibm	lotus_notes	8.5
ibm	lotus_notes	8.5.0.0
ibm	lotus_notes	8.5.0.1
ibm	lotus_notes	8.5.1
ibm	lotus_notes	8.5.1.0
ibm	lotus_notes	8.5.1.1
ibm	lotus_notes	8.5.1.2
ibm	lotus_notes	8.5.1.3
ibm	lotus_notes	8.5.1.4
ibm	lotus_notes	8.5.1.5
ibm	lotus_notes	8.5.2.0
ibm	lotus_notes	8.5.2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autonomy:keyview:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A31DE25-F7B5-4AEA-B870-2B852F4FD8A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F06E9E8E-9A82-4665-A848-5E0BAD141A1C",
              "versionEndIncluding": "8.5.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "024E3378-AB78-41CE-8BE3-CB26F0FCC6FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:3.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D68592-A475-4D35-8A8F-5A4EEDA5A1A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:3.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9727C084-8043-43D7-9BF3-1D49BBA33772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9409A77C-1927-4C1C-945A-10F8CD8DB287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE08605F-643F-4562-934E-CA46DF3CE57C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE78A5CE-28D9-47AB-9831-F4C0F0843EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8376F4C1-44AE-42A8-A087-E3845FD2A0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A697B26-0600-416A-B0FA-BE031EB6D8A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:4.6.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "2851AFEE-2598-4CDC-A1B3-D119A647F4B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:4.6.7h:*:*:*:*:*:*:*",
              "matchCriteriaId": "B730F1C4-2A7C-4305-BEA1-4BA1F1B1F955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D5D749-546A-4655-A0BF-0A2D4E9F51A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C43E91B-492D-42E0-9C59-3DA83AF7367B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.1.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "7987940E-0F70-4C0F-AB8D-A52934B33777",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBEDCC0A-FCA0-45C2-B202-BF9F90739893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25DD7B4-A33F-4810-84C1-D8C57D044769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "924FC755-DF96-4E83-92DB-BD3877E226A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C944AEC-18C2-487E-8E0F-EC525D21EDF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8EC2158-C008-4AD0-85A5-6B4A210A7752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F3715F6-F157-4BF2-80C3-DC5366C0F5DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.2c:*:*:*:*:*:*:*",
              "matchCriteriaId": "89111665-4C64-46A5-955D-DB5A2A73E6BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4B2601-B62F-4235-BFFD-281235737450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA83054E-5E6B-48A4-8799-5C8507BFEB68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "77636603-5AEA-475A-9BB7-3C38198A0327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7DEAC0E-C59B-42DB-BB81-E34C9F843486",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF14DAF5-D52A-4B59-B67A-7878C2A8431D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "8001558A-B47D-420C-9275-979A06D03572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8809E947-43E1-4D92-A5A5-63FEDBF12318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE790A9-912C-444C-B4B0-BEB212DC4B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.6a.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "2171E8CD-F42A-41A9-A03D-74BE1DF9040F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "21212C5E-A5AB-4080-84A3-603F0425D4CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F21BD9-A01D-4D3C-831F-80A966F7CF72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "32646B3D-C8C6-4325-8546-38A79EF3446A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "312EAEC3-1E31-48E1-8729-E7AF338F608D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.9a:*:*:*:*:*:*:*",
              "matchCriteriaId": "780C6EC1-11FD-458C-B59F-11668BA1E466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A7F5626-EB8B-4339-9EB5-C23962DAC95A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB071DF-5C48-4FE8-8DCC-68582A3C1EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "273DF27B-9441-4925-BD7E-5709D7D059EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "46196D69-B5FE-49ED-8032-54B4470487EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD51B7AD-1523-4BF4-8DFF-54D5F9A0E66A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E234AD1-7202-421E-82C8-880E84876021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D037CC-1207-48E2-882E-8B236EE7138F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.1:cf1:*:*:*:*:*:*",
              "matchCriteriaId": "63ABBCF5-A164-458F-A8C6-75FC6CFE101B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.1:cf2:*:*:*:*:*:*",
              "matchCriteriaId": "A174D36F-A4F0-4FE0-AAD7-F57E93BB3805",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.1:cf3:*:*:*:*:*:*",
              "matchCriteriaId": "8EB4A3EA-DD4C-4E98-8E3A-487F0AE9AED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5059BEF2-84EB-4B5F-84F5-9E3200B068F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.2:cf1:*:*:*:*:*:*",
              "matchCriteriaId": "0CB2FAA8-176F-4AA2-ADFA-F4401C76BB15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.2:cf2:*:*:*:*:*:*",
              "matchCriteriaId": "FEEA994A-F8B6-4A0D-8FCD-ED63F83DDA18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82322774-CEB9-41FD-9319-AE0716EF28CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB71B7AA-957B-46A6-9BC9-CE23EC721189",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "46CF28C0-51AD-4783-B1F0-205DF64D133A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C0015A2-A70E-4B0C-B59A-44F5F611293D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D94927A9-61FD-459F-9A6D-E581A4AF505C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3B32BA2-9EB7-4294-A857-226A5B1CC401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF64CA16-6C20-42E1-BA68-BD63A873BFA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "34625785-9560-4496-9426-BBEE35F6E52C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D7DD7B-CA90-44A5-9B7B-4A4985150689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C60350-0731-477D-B280-24109509E7B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCF51F97-14D8-4AC6-B26E-AE9306EAF3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "006C226E-E9CA-4999-B6D4-5DBABF99A4B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C63D40DF-C6F3-4502-9816-939265F10532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9203EC38-2DFD-4259-B636-F9E38AE5AA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C6EF122-510F-4B6D-B2F3-DFD5E8FB76C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1581AEE3-F127-44D8-AA95-6408D9D919A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4598C4A8-B19D-4562-A5B5-D3B090F0C8D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAEF2C65-215E-4900-8054-BC35DFA0BDF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE1176C-39C3-4ED6-9689-4107B546F248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1E016DE-149E-41CD-856E-7B3EE8B0702C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "957BA698-9D48-4906-9FF3-584927C978B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94646433-DE15-4214-9C78-7D1DAB5A12D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1AD22A1-A85C-4755-97CB-6B946E1DBE0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3449A490-865A-4262-8482-429DEF455644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "98AF1B57-680B-45E5-9991-83DDE4634EE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC128482-5AA3-43D9-AE5F-154E8485F699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2837D777-5C59-4335-A4BC-611397D1D1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F01C5CFC-7FB8-4D29-95AC-8EF59B0C170D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F5FB91-53EE-47BA-84B7-49CE9D83C8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9D74FC-8F26-4D1A-B02B-C4037FF8388A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6E0DFE2-22CA-40AE-8CDB-EF5EEE1E6F54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AD640D-BFDC-4E27-BF8B-4FE35DE87890",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB38591-F55A-48B2-AD52-FF266D19BB97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "692E295E-E650-42D5-AF7A-D6276C3D76E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E25625-8570-4744-A2A2-4A4FB4D8AC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50660BA1-A24A-4DBF-AB59-1CF04FA54120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5759CBCB-7B3F-462A-B51A-FD2C6B13CCE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A79FA5-83FB-4067-B2A6-17EAF3947998",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17815F4E-BB34-40D2-A3EE-3C7741940D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE79982-9E92-498A-B961-55CB1D2D104F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6814E3F-479C-4F56-BF66-C685E60CCA34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9EF5DE-4432-4099-AD59-CDD52E387BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1013797-0442-46A7-A94F-354388BA6B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC228A3-1878-4A9F-8664-F4DFF77BF74B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0119A252-73B1-490F-9371-06E8FDB8B979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D24791-E798-4B08-A051-E880DEFB8268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2758590C-67FD-4DD6-84C1-0D32264BBE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FC083C-B25E-427F-B722-B5ABD4F072F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B0CF8A5-BC24-4204-BC06-2E1E2FB60E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA723DB-62C5-4C84-B0BA-5313FDA49D73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92F08B96-D43E-407E-839C-4C3C5BB58B2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E50C779-C780-45FB-BC77-B9717389D2EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "867779A4-A7A5-48AD-9AC0-C6476719A5EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B7B7544-D60C-4B9A-BC29-B30AD86EC9B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D475EF5-DBB3-4B98-BB07-83A2632B5E0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F797A209-65C0-4A20-9DA2-C5576C091DE2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer de memoria din\u00e1mica en xlssr.dll de Autonomy KeyView, como se usa en IBM Lotus Notes en versiones anteriores a 8.5.2 FP3, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un registro BIFF mal formado en un adjunto de hoja de c\u00e1lculo Excel .xls. Tambi\u00e9n conocido como SPR PRAD8E3HKR."
    }
  ],
  "id": "CVE-2011-1512",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-05-31T20:55:02.720",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44624"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8263"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21500034"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/518120/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/47962"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67619"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.coresecurity.com/content/LotusNotes-XLS-viewer-heap-overflow"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21500034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/518120/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14203"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2008-04-10 18:05

Modified

2025-04-09 00:30

Severity ?

Summary

Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment.

References

URL	Tags
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41856
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41856

Impacted products

Vendor	Product	Version
autonomy	keyview	*
ibm	lotus_notes	6.0
ibm	lotus_notes	6.5
ibm	lotus_notes	7.0
ibm	lotus_notes	8.0
ibm	lotus_notes	8.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autonomy:keyview:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A31DE25-F7B5-4AEA-B870-2B852F4FD8A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E234AD1-7202-421E-82C8-880E84876021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "692E295E-E650-42D5-AF7A-D6276C3D76E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50660BA1-A24A-4DBF-AB59-1CF04FA54120",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en mimesr.dll en Autonomy (anteriormente Verity) KeyView, usado en IBM Lotus Notes anterior a 8.0, puede permitir a atacantes remotos  asistidos por el usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un mensaje de correo electr\u00f3nico con un adjunto (MIME) manipulado."
    }
  ],
  "evaluatorComment": "Secunia information:\r\nhttp://secunia.com/advisories/28210",
  "id": "CVE-2008-1718",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-10T18:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21298453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41856"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerabilites related to autonomy - keyview

CVE-2007-5399 (GCVE-0-2007-5399)

Vulnerability from cvelistv5

CVE-2008-1101 (GCVE-0-2008-1101)

Vulnerability from cvelistv5

CVE-2009-3037 (GCVE-0-2009-3037)

Vulnerability from cvelistv5

CVE-2011-1512 (GCVE-0-2011-1512)

Vulnerability from cvelistv5

CVE-2007-5406 (GCVE-0-2007-5406)

Vulnerability from cvelistv5

CVE-2008-1718 (GCVE-0-2008-1718)

Vulnerability from cvelistv5

CVE-2011-1218 (GCVE-0-2011-1218)

Vulnerability from cvelistv5

CVE-2008-0066 (GCVE-0-2008-0066)

Vulnerability from cvelistv5

CVE-2007-6020 (GCVE-0-2007-6020)

Vulnerability from cvelistv5

CVE-2007-5405 (GCVE-0-2007-5405)

Vulnerability from cvelistv5

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd