Autonomy KeyView Multiple Buffer Overflow Vulnerabilities
BID:26175
Info
Autonomy KeyView Multiple Buffer Overflow Vulnerabilities
| Bugtraq ID: | 26175 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5909 CVE-2007-5910 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 23 2007 12:00AM |
| Updated: | Feb 11 2008 09:26PM |
| Credit: | The vendor credits Tan Chew Keong and The Zero Day Initiative with discovering these vulnerabilities. |
| Vulnerable: |
Symantec Mail Security for SMTP 5.0.1 Symantec Mail Security for SMTP 5.0 Symantec Mail Security for Microsoft Exchange 5.0 Symantec Mail Security for Microsoft Exchange 5.0.7.373 Symantec Mail Security for Microsoft Exchange 5.0.6.368 Symantec Mail Security for Microsoft Exchange 5.0.0.024 Symantec Mail Security for Domino 7.5.0.19 Symantec Mail Security for Domino 7.5 Symantec Mail Security Appliance 5.0 Symantec Mail Security Appliance 5.0.0.24 IBM Lotus Notes 7.0.2 Autonomy Keyview Viewer SDK 9 Autonomy Keyview Viewer SDK 8 Autonomy Keyview Viewer SDK 7 Autonomy Keyview Filter SDK 9 Autonomy Keyview Filter SDK 8 Autonomy Keyview Filter SDK 7 Autonomy Keyview Export SDK 9 Autonomy Keyview Export SDK 8 Autonomy Keyview Export SDK 7 ActivePDF DocConverter 3.8.2 .5 |
| Not Vulnerable: |
Symantec Mail Security Appliance 5.0.0-36 IBM Lotus Notes 7.0.3 IBM Lotus Notes 8.0 |
Discussion
Autonomy KeyView Multiple Buffer Overflow Vulnerabilities
Autonomy KeyView is prone to multiple buffer-overflow vulnerabilities.
Successfully exploiting these issues could allow an attacker to execute arbitrary code in the context of the user running the application.
Multiple applications incorporate the vulnerable KeyView component, so are also considered vulnerable to these issues.
NOTE: This document was previously titled 'IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities'. It has been updated and relabeled to properly reflect the vulnerable component.
Autonomy KeyView is prone to multiple buffer-overflow vulnerabilities.
Successfully exploiting these issues could allow an attacker to execute arbitrary code in the context of the user running the application.
Multiple applications incorporate the vulnerable KeyView component, so are also considered vulnerable to these issues.
NOTE: This document was previously titled 'IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities'. It has been updated and relabeled to properly reflect the vulnerable component.
Exploit / POC
Autonomy KeyView Multiple Buffer Overflow Vulnerabilities
In certain situations when content scanning is enabled for attachments, an attacker needs only to send a malicious file to an unsuspecting victim. Otherwise, the attacker must entice the victim to open a specially crafted .WPD, .SAM, .MIF, or .DOC file.
The researcher responsible for discovering this issue has developed proof-of-concept exploit code, but it is not publicly available; please see the references for details.
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
UPDATE: (February 11, 2008): DSquare Security has developed a working commercial exploit for its D2 Exploitation Pack product. This exploit is not otherwise publicly available or known to be circulating in the wild.
In certain situations when content scanning is enabled for attachments, an attacker needs only to send a malicious file to an unsuspecting victim. Otherwise, the attacker must entice the victim to open a specially crafted .WPD, .SAM, .MIF, or .DOC file.
The researcher responsible for discovering this issue has developed proof-of-concept exploit code, but it is not publicly available; please see the references for details.
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
UPDATE: (February 11, 2008): DSquare Security has developed a working commercial exploit for its D2 Exploitation Pack product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Autonomy KeyView Multiple Buffer Overflow Vulnerabilities
Solution:
Please see the referenced advisories for details on obtaining and applying the appropriate updates.
Symantec Mail Security for SMTP 5.0.1
Solution:
Please see the referenced advisories for details on obtaining and applying the appropriate updates.
Symantec Mail Security for SMTP 5.0.1
References
Autonomy KeyView Multiple Buffer Overflow Vulnerabilities
References:
References:
- Buffer overflow vulnerability in Lotus Notes file viewers (.wpd, .sam, .doc, and (IBM)
- Buffer overflow vulnerability in Lotus Notes file viewers (multiple file formats (IBM)
- IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities (Tan Chew Keong)
- IBM Lotus Notes lasr.dll SAM Attachment Viewer Buffer Overflow (Tan Chew Keong)
- IBM Lotus Notes mifsr.dll MIF Attachment Viewer Buffer Overflow (Tan Chew Keong)
- IBM Lotus Notes mwsr.dll DOC Attachment Viewer Buffer Overflow (Tan Chew Keong)
- IBM Lotus Notes wp6sr.dll WPD Attachment Viewer Buffer Overflow (Tan Chew Keong)
- KeyView Homepage (Autonomy)
- Lotus Homepage (IBM)
- Symantec Mail Security for Domino (Symantec)
- Symantec Mail Security for SMTP (Symantec)
- ZDI-07-059 Verity KeyView SDK Multiple File Format Parsing Vulnerabilities (ZeroDay Initiative)
- [vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities ([email protected])
- SYM07-027 Symantec Mail Security KeyView Module Multiple Buffer Overflow (Symantec)