CVE-2007-6020
Summary
| CVE | CVE-2007-6020 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-04-10 18:05:00 UTC |
| Updated | 2018-10-15 21:49:00 UTC |
| Description | Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Activepdf | Docconverter | 3.8.4.0 | All | All | All |
| Application | Activepdf | Docconverter | 3.8.4.0 | All | All | All |
| Application | Autonomy | Keyview | 10.3.0.0 | All | All | All |
| Application | Autonomy | Keyview | 2.0.0.2 | All | All | All |
| Application | Autonomy | Keyview | 10.3.0.0 | All | All | All |
| Application | Autonomy | Keyview | 2.0.0.2 | All | All | All |
| Application | Ibm | Lotus Notes | 6.0 | All | All | All |
| Application | Ibm | Lotus Notes | 6.5 | All | All | All |
| Application | Ibm | Lotus Notes | 7.0 | All | All | All |
| Application | Ibm | Lotus Notes | 7.0.2 | All | All | All |
| Application | Ibm | Lotus Notes | 7.0.3 | All | All | All |
| Application | Ibm | Lotus Notes | 6.0 | All | All | All |
| Application | Ibm | Lotus Notes | 6.5 | All | All | All |
| Application | Ibm | Lotus Notes | 7.0 | All | All | All |
| Application | Ibm | Lotus Notes | 7.0.2 | All | All | All |
| Application | Ibm | Lotus Notes | 7.0.3 | All | All | All |
| Application | Symantec | Mail Security | 5.0 | All | microsoft_exchange | All |
| Application | Symantec | Mail Security | 5.0.0 | All | smtp | All |
| Application | Symantec | Mail Security | 5.0.1 | All | smtp | All |
| Application | Symantec | Mail Security | 7.5 | All | domino | All |
| Application | Symantec | Mail Security | 5.0 | All | microsoft_exchange | All |
| Application | Symantec | Mail Security | 5.0.0 | All | smtp | All |
| Application | Symantec | Mail Security | 5.0.1 | All | smtp | All |
| Application | Symantec | Mail Security | 7.5 | All | domino | All |
| Application | Symantec | Mail Security Appliance | 5.0 | All | All | All |
| Application | Symantec | Mail Security Appliance | 5.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Lotus Notes Multiple Keyview Parsing Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Autonomy Keyview SDK Multiple Buffer Overflows - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| IBM Lotus Notes Stack Overflows in Folio Flat File Viewer Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| 404 Not Found | CONFIRM | www.symantec.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Symantec Mail Security Folio Flat File Parsing Buffer Overflows - Secunia Research - Secunia | MISC | secunia.com | Vendor Advisory |
| activePDF DocConverter Folio Flat File Parsing Buffer Overflows - Secunia Research - Secunia | MISC | secunia.com | Vendor Advisory |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| IBM Potential security vulnerabilities in Lotus Notes file viewers for Applix Presents, Folio Flat File, HTML speed reader, KeyView and MIME - United States | CONFIRM | www-1.ibm.com | Vendor Advisory |
| Symantec Mail Security for Exchange Attachment Parsing Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Autonomy Keyview Folio Flat File Parsing Buffer Overflows - Secunia Research - Secunia | MISC | secunia.com | Vendor Advisory |
| Autonomy KeyView Module Multiple Buffer Overflow Vulnerabilities | BID | www.securityfocus.com | |
| Symantec Mail Security Attachment Parsing Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| activePDF DocConverter Multiple Parsing Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| SecurityTracker.com Archives - Symantec Mail Security Buffer Overflows in Autonomy KeyView Module Let Remote Users Execute Arbitrary Code | SECTRACK | securitytracker.com | |
| Vulnerabilities - Secunia Research - Vulnerability Intelligence - Secunia.com | MISC | secunia.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.