Buffer Overflow Vulnerabilities in Autonomy KeyView SDK Affecting Multiple Products
CVE-2007-5909

Currently unrated

Key Information:

Vendor: Symantec
Status: Mail Security; Lotus Notes; Keyview Viewer Sdk; Docconverter
Vendor: CVE Published:; 10 November 2007

Summary

Multiple stack-based buffer overflows exist in Autonomy's KeyView Viewer, Filter, and Export SDK before version 9.2.0.12. These vulnerabilities can be exploited by remote attackers to execute arbitrary code through specially crafted files such as AG, AW, DLL, EXE, DOC, MIF, SAM, or RTF files. Affected products include ActivePDF DocConverter, IBM Lotus Notes (prior to version 7.0.3), and Symantec Mail Security. It is critical for users to update their software to mitigate these vulnerabilities.

References

http://securityreason.com/securityalert/3357

third-party-advisoryx_refsource_SREASON

http://www.zerodayinitiative.com/advisories/ZDI-07-059.html

x_refsource_MISC

http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21...

x_refsource_CONFIRM

EPSS Score

31% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 10, 2007
Vulnerability Reserved
Nov 9, 2007