CVE-2007-6020

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes; Mail Security Appliance; Mail Security; Keyview
Vendor: CVE Published:; 10 April 2008

Summary

Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file.

References

http://secunia.com/advisories/28140

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/secunia_research/2007-106/advisory/

x_refsource_MISC

http://secunia.com/advisories/29342

third-party-advisoryx_refsource_SECUNIA

EPSS Score

47% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 10, 2008
Vulnerability Reserved
Nov 19, 2007