Vulnerability Name:

CVE-2007-5909 (CCN-37356)

Assigned:2007-10-23
Published:2007-10-23
Updated:2018-10-15
Summary:Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll.
Note: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Autonomy Web site
Autonomy Support Site

Source: MITRE
Type: CNA
CVE-2007-5909

Source: CCN
Type: SA27304
Verity Keyview SDK Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
27304

Source: CCN
Type: SA27376
activePDF DocConverter File Parsing Buffer Overflows

Source: CCN
Type: SA27388
Symantec Mail Security for Domino File Parsing Vulnerabilities

Source: CCN
Type: SA27429
Symantec Mail Security for Exchange File Parsing Vulnerabilities

Source: CCN
Type: SA27498
Symantec Mail Security Appliance File Parsing Vulnerabilities

Source: SREASON
Type: UNKNOWN
3357

Source: CCN
Type: SYM07-027
Symantec Mail Security KeyView Module Multiple Buffer Overflow

Source: CONFIRM
Type: UNKNOWN
http://securityresponse.symantec.com/avcenter/security/Content/2007.11.01c.html

Source: CCN
Type: SECTRACK ID: 1018853
IBM Lotus Notes Buffer Overflows in File Attachment Viewer Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1018853

Source: CCN
Type: SECTRACK ID: 1018886
Symantec Mail Security Buffer Overflows in KeyView Module Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1018886

Source: MISC
Type: UNKNOWN
http://vuln.sg/lotusnotes702-en.html

Source: MISC
Type: UNKNOWN
http://vuln.sg/lotusnotes702doc-en.html

Source: CCN
Type: vuln.sg Vulnerability Research Advisory 2007-10-23
IBM Lotus Notes mifsr.dll MIF Attachment Viewer Buffer Overflow

Source: MISC
Type: UNKNOWN
http://vuln.sg/lotusnotes702mif-en.html

Source: MISC
Type: UNKNOWN
http://vuln.sg/lotusnotes702sam-en.html

Source: CONFIRM
Type: UNKNOWN
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111

Source: CONFIRM
Type: UNKNOWN
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21272836

Source: CCN
Type: IBM Technote (FAQ) 1271111
Buffer overflow vulnerability in Lotus Notes file viewers (.wpd, .sam, .doc, and .mif )

Source: CCN
Type: activePDF Web site
activePDF DocConverter

Source: BUGTRAQ
Type: UNKNOWN
20071023 [vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities

Source: BUGTRAQ
Type: UNKNOWN
20071031 ZDI-07-059: Verity KeyView SDK Multiple File Format Parsing Vulnerabilities

Source: BID
Type: Patch
26175

Source: CCN
Type: BID-26175
Autonomy KeyView Multiple Buffer Overflow Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2007-3596

Source: VUPEN
Type: UNKNOWN
ADV-2007-3697

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-07-059.html

Source: XF
Type: UNKNOWN
lotus-mifsr-mif-bo(37356)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:activepdf:docconverter:3.8.2_.5:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_export_sdk:*:*:*:*:*:*:*:* (Version <= 9.2.0)
  • OR cpe:/a:autonomy:keyview_filter_sdk:*:*:*:*:*:*:*:* (Version <= 9.2.0)
  • OR cpe:/a:autonomy:keyview_viewer_sdk:*:*:*:*:*:*:*:* (Version <= 9.2.0)
  • OR cpe:/a:ibm:lotus_notes:*:*:*:*:*:*:*:* (Version <= 7.0.2)
  • OR cpe:/a:symantec:mail_security:5.0:*:appliance:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0:*:microsoft_exchange:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.0.24:*:appliance:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:7.5:*:domino:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:autonomy:keyview_export_sdk:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_filter_sdk:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_viewer_sdk:9.2.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security_appliance:5.0.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-5909 (CCN-37358)

    Assigned:2007-10-23
    Published:2007-10-23
    Updated:2018-10-15
    Summary:Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll.
    Note: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
    5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Type:CWE-119
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Autonomy Web site
    Autonomy Support Site

    Source: MITRE
    Type: CNA
    CVE-2007-5909

    Source: CCN
    Type: SA27304
    Verity Keyview SDK Multiple Vulnerabilities

    Source: CCN
    Type: SA27376
    activePDF DocConverter File Parsing Buffer Overflows

    Source: CCN
    Type: SA27388
    Symantec Mail Security for Domino File Parsing Vulnerabilities

    Source: CCN
    Type: SA27429
    Symantec Mail Security for Exchange File Parsing Vulnerabilities

    Source: CCN
    Type: SA27498
    Symantec Mail Security Appliance File Parsing Vulnerabilities

    Source: CCN
    Type: SYM07-027
    Symantec Mail Security KeyView Module Multiple Buffer Overflow

    Source: CCN
    Type: SECTRACK ID: 1018853
    IBM Lotus Notes Buffer Overflows in File Attachment Viewer Lets Remote Users Execute Arbitrary Code

    Source: CCN
    Type: SECTRACK ID: 1018886
    Symantec Mail Security Buffer Overflows in KeyView Module Let Remote Users Execute Arbitrary Code

    Source: CCN
    Type: vuln.sg Vulnerability Research Advisory 2007-10-23
    IBM Lotus Notes lasr.dll SAM Attachment Viewer Buffer Overflow

    Source: CCN
    Type: IBM Technote (FAQ) 1271111
    Buffer overflow vulnerability in Lotus Notes file viewers (.wpd, .sam, .doc, and .mif )

    Source: CCN
    Type: activePDF Web site
    activePDF DocConverter

    Source: CCN
    Type: BID-26175
    Autonomy KeyView Multiple Buffer Overflow Vulnerabilities

    Source: XF
    Type: UNKNOWN
    lotus-lasr-sam-bo(37358)

    Vulnerability Name:

    CVE-2007-5909 (CCN-37360)

    Assigned:2007-10-23
    Published:2007-10-23
    Updated:2007-10-23
    Summary:The Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK, which is used in IBM Lotus Notes, Symantec Mail Security, and possibly other applications, is vulnerable to a stack-based buffer overflow in the Microsoft Word for DOS file viewer (mwsr.dll). By persuading a victim to view a specially-crafted .doc file using one of the affected file viewers, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the victim's application to crash.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
    5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Autonomy Web site
    Autonomy Support Site

    Source: MITRE
    Type: CNA
    CVE-2007-5909

    Source: CCN
    Type: SA27304
    Verity Keyview SDK Multiple Vulnerabilities

    Source: CCN
    Type: SA27376
    activePDF DocConverter File Parsing Buffer Overflows

    Source: CCN
    Type: SA27388
    Symantec Mail Security for Domino File Parsing Vulnerabilities

    Source: CCN
    Type: SA27429
    Symantec Mail Security for Exchange File Parsing Vulnerabilities

    Source: CCN
    Type: SA27498
    Symantec Mail Security Appliance File Parsing Vulnerabilities

    Source: CCN
    Type: SYM07-027
    Symantec Mail Security KeyView Module Multiple Buffer Overflow

    Source: CCN
    Type: SECTRACK ID: 1018853
    IBM Lotus Notes Buffer Overflows in File Attachment Viewer Lets Remote Users Execute Arbitrary Code

    Source: CCN
    Type: SECTRACK ID: 1018886
    Symantec Mail Security Buffer Overflows in KeyView Module Let Remote Users Execute Arbitrary Code

    Source: CCN
    Type: vuln.sg Vulnerability Research Advisory 2007-10-23
    IBM Lotus Notes mwsr.dll DOC Attachment Viewer Buffer Overflow

    Source: CCN
    Type: IBM Technote (FAQ) 1271111
    Buffer overflow vulnerability in Lotus Notes file viewers (.wpd, .sam, .doc, and .mif )

    Source: CCN
    Type: activePDF Web site
    activePDF DocConverter

    Source: CCN
    Type: BID-26175
    Autonomy KeyView Multiple Buffer Overflow Vulnerabilities

    Source: XF
    Type: UNKNOWN
    lotus-mwsr-doc-bo(37360)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:autonomy:keyview_export_sdk:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_filter_sdk:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_viewer_sdk:9.2.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security_appliance:5.0.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-5909 (CCN-37373)

    Assigned:2007-10-23
    Published:2007-10-23
    Updated:2007-10-23
    Summary:The Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK, which is used in IBM Lotus Notes, Symantec Mail Security, and possibly other applications, is vulnerable to a stack-based buffer overflow in the Applix Words (awsr.dll) file viewer, caused by improper bounds checking of Applix Words (.aw) files. By persuading a victim to view a specially-crafted .aw file using one of the affected file viewers, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the victim's application to crash.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
    5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Autonomy Web site
    Autonomy Support Site

    Source: MITRE
    Type: CNA
    CVE-2007-5909

    Source: CCN
    Type: SA27304
    Verity Keyview SDK Multiple Vulnerabilities

    Source: CCN
    Type: SA27376
    activePDF DocConverter File Parsing Buffer Overflows

    Source: CCN
    Type: SA27388
    Symantec Mail Security for Domino File Parsing Vulnerabilities

    Source: CCN
    Type: SA27429
    Symantec Mail Security for Exchange File Parsing Vulnerabilities

    Source: CCN
    Type: SA27498
    Symantec Mail Security Appliance File Parsing Vulnerabilities

    Source: CCN
    Type: SYM07-027
    Symantec Mail Security KeyView Module Multiple Buffer Overflow

    Source: CCN
    Type: SECTRACK ID: 1018853
    IBM Lotus Notes Buffer Overflows in File Attachment Viewer Lets Remote Users Execute Arbitrary Code

    Source: CCN
    Type: SECTRACK ID: 1018886
    Symantec Mail Security Buffer Overflows in KeyView Module Let Remote Users Execute Arbitrary Code

    Source: CCN
    Type: IBM Technote (FAQ) 1272836
    Buffer overflow vulnerability in Lotus Notes file viewers (multiple file formats)

    Source: CCN
    Type: activePDF Web site
    activePDF DocConverter

    Source: CCN
    Type: BID-26175
    Autonomy KeyView Multiple Buffer Overflow Vulnerabilities

    Source: XF
    Type: UNKNOWN
    lotus-aw-applix-bo(37373)

    Source: CCN
    Type: ZDI-07-059
    Verity KeyView SDK Multiple File Format Parsing Vulnerabilities

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:autonomy:keyview_export_sdk:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_filter_sdk:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_viewer_sdk:9.2.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security_appliance:5.0.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-5909 (CCN-37374)

    Assigned:2007-10-23
    Published:2007-10-23
    Updated:2007-10-23
    Summary:The Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK, which is used in IBM Lotus Notes, Symantec Mail Security, and possibly other applications, is vulnerable to a stack-based buffer overflow in the Applix Presents file viewer (kpagrdr.dll), caused by improper bounds checking of Applix Presents (.ag) files. By persuading a victim to view a specially-crafted .ag file using one of the affected file viewers, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the victim's application to crash.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
    5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Autonomy Web site
    Autonomy Support Site

    Source: MITRE
    Type: CNA
    CVE-2007-5909

    Source: CCN
    Type: SA27304
    Verity Keyview SDK Multiple Vulnerabilities

    Source: CCN
    Type: SA27376
    activePDF DocConverter File Parsing Buffer Overflows

    Source: CCN
    Type: SA27388
    Symantec Mail Security for Domino File Parsing Vulnerabilities

    Source: CCN
    Type: SA27429
    Symantec Mail Security for Exchange File Parsing Vulnerabilities

    Source: CCN
    Type: SA27498
    Symantec Mail Security Appliance File Parsing Vulnerabilities

    Source: CCN
    Type: SYM07-027
    Symantec Mail Security KeyView Module Multiple Buffer Overflow

    Source: CCN
    Type: SECTRACK ID: 1018853
    IBM Lotus Notes Buffer Overflows in File Attachment Viewer Lets Remote Users Execute Arbitrary Code

    Source: CCN
    Type: SECTRACK ID: 1018886
    Symantec Mail Security Buffer Overflows in KeyView Module Let Remote Users Execute Arbitrary Code

    Source: CCN
    Type: IBM Technote (FAQ) 1272836
    Buffer overflow vulnerability in Lotus Notes file viewers (multiple file formats)

    Source: CCN
    Type: activePDF Web site
    activePDF DocConverter

    Source: CCN
    Type: BID-26175
    Autonomy KeyView Multiple Buffer Overflow Vulnerabilities

    Source: XF
    Type: UNKNOWN
    lotus-ag-applix-bo(37374)

    Source: CCN
    Type: ZDI-07-059
    Verity KeyView SDK Multiple File Format Parsing Vulnerabilities

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:autonomy:keyview_export_sdk:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_filter_sdk:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_viewer_sdk:9.2.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security_appliance:5.0.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-5909 (CCN-37375)

    Assigned:2007-10-23
    Published:2007-10-23
    Updated:2007-10-23
    Summary:The Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK, which is used in IBM Lotus Notes, Symantec Mail Security, and possibly other applications, is vulnerable to a stack-based buffer overflow in the Dynamic Link Library file viewer (exesr.dll), caused by improper bounds checking of Dynamic Link Library (.dll) files. By persuading a victim to view a specially-crafted .dll file using one of the affected file viewers, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the victim's application to crash.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
    5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Autonomy Web site
    Autonomy Support Site

    Source: MITRE
    Type: CNA
    CVE-2007-5909

    Source: CCN
    Type: SA27304
    Verity Keyview SDK Multiple Vulnerabilities

    Source: CCN
    Type: SA27376
    activePDF DocConverter File Parsing Buffer Overflows

    Source: CCN
    Type: SA27388
    Symantec Mail Security for Domino File Parsing Vulnerabilities

    Source: CCN
    Type: SA27429
    Symantec Mail Security for Exchange File Parsing Vulnerabilities

    Source: CCN
    Type: SA27498
    Symantec Mail Security Appliance File Parsing Vulnerabilities

    Source: CCN
    Type: SYM07-027
    Symantec Mail Security KeyView Module Multiple Buffer Overflow

    Source: CCN
    Type: SECTRACK ID: 1018853
    IBM Lotus Notes Buffer Overflows in File Attachment Viewer Lets Remote Users Execute Arbitrary Code

    Source: CCN
    Type: SECTRACK ID: 1018886
    Symantec Mail Security Buffer Overflows in KeyView Module Let Remote Users Execute Arbitrary Code

    Source: CCN
    Type: IBM Technote (FAQ) 1272836
    Buffer overflow vulnerability in Lotus Notes file viewers (multiple file formats)

    Source: CCN
    Type: activePDF Web site
    activePDF DocConverter

    Source: CCN
    Type: BID-26175
    Autonomy KeyView Multiple Buffer Overflow Vulnerabilities

    Source: XF
    Type: UNKNOWN
    lotus-dll-dynamic-bo(37375)

    Source: CCN
    Type: ZDI-07-059
    Verity KeyView SDK Multiple File Format Parsing Vulnerabilities

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:autonomy:keyview_export_sdk:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_filter_sdk:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_viewer_sdk:9.2.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security_appliance:5.0.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-5909 (CCN-37376)

    Assigned:2007-10-23
    Published:2007-10-23
    Updated:2007-10-23
    Summary:The Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK, which is used in IBM Lotus Notes, Symantec Mail Security, and possibly other applications, is vulnerable to a stack-based buffer overflow in the Microsoft Rich Text Format file viewer (rtfsr.dll), caused by improper bounds checking of Microsoft Rich Text Format (.rtf) files. By persuading a victim to view a specially-crafted .rtf file using one of the affected file viewers, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the victim's application to crash.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
    5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Autonomy Web site
    Autonomy Support Site

    Source: MITRE
    Type: CNA
    CVE-2007-5909

    Source: CCN
    Type: SA27304
    Verity Keyview SDK Multiple Vulnerabilities

    Source: CCN
    Type: SA27376
    activePDF DocConverter File Parsing Buffer Overflows

    Source: CCN
    Type: SA27388
    Symantec Mail Security for Domino File Parsing Vulnerabilities

    Source: CCN
    Type: SA27429
    Symantec Mail Security for Exchange File Parsing Vulnerabilities

    Source: CCN
    Type: SA27498
    Symantec Mail Security Appliance File Parsing Vulnerabilities

    Source: CCN
    Type: SYM07-027
    Symantec Mail Security KeyView Module Multiple Buffer Overflow

    Source: CCN
    Type: SECTRACK ID: 1018853
    IBM Lotus Notes Buffer Overflows in File Attachment Viewer Lets Remote Users Execute Arbitrary Code

    Source: CCN
    Type: SECTRACK ID: 1018886
    Symantec Mail Security Buffer Overflows in KeyView Module Let Remote Users Execute Arbitrary Code

    Source: CCN
    Type: IBM Technote (FAQ) 1272836
    Buffer overflow vulnerability in Lotus Notes file viewers (multiple file formats)

    Source: CCN
    Type: activePDF Web site
    activePDF DocConverter

    Source: CCN
    Type: BID-26175
    Autonomy KeyView Multiple Buffer Overflow Vulnerabilities

    Source: XF
    Type: UNKNOWN
    lotus-rtf-microsoft-bo(37376)

    Source: CCN
    Type: ZDI-07-059
    Verity KeyView SDK Multiple File Format Parsing Vulnerabilities

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:autonomy:keyview_export_sdk:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_filter_sdk:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_viewer_sdk:9.2.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security_appliance:5.0.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-5909 (CCN-37377)

    Assigned:2007-10-23
    Published:2007-10-23
    Updated:2007-10-23
    Summary:The Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK, which is used in IBM Lotus Notes, Symantec Mail Security, and possibly other applications, is vulnerable to a stack-based buffer overflow in the Portable Executable file viewer (exesr.dll), caused by improper bounds checking of Portable Executable (.exe) files. By persuading a victim to view a specially-crafted .exe file using one of the affected file viewers, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the victim's application to crash.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
    5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Autonomy Web site
    Autonomy Support Site

    Source: MITRE
    Type: CNA
    CVE-2007-5909

    Source: CCN
    Type: SA27304
    Verity Keyview SDK Multiple Vulnerabilities

    Source: CCN
    Type: SA27376
    activePDF DocConverter File Parsing Buffer Overflows

    Source: CCN
    Type: SA27388
    Symantec Mail Security for Domino File Parsing Vulnerabilities

    Source: CCN
    Type: SA27429
    Symantec Mail Security for Exchange File Parsing Vulnerabilities

    Source: CCN
    Type: SA27498
    Symantec Mail Security Appliance File Parsing Vulnerabilities

    Source: CCN
    Type: SYM07-027
    Symantec Mail Security KeyView Module Multiple Buffer Overflow

    Source: CCN
    Type: SECTRACK ID: 1018853
    IBM Lotus Notes Buffer Overflows in File Attachment Viewer Lets Remote Users Execute Arbitrary Code

    Source: CCN
    Type: SECTRACK ID: 1018886
    Symantec Mail Security Buffer Overflows in KeyView Module Let Remote Users Execute Arbitrary Code

    Source: CCN
    Type: IBM Technote (FAQ) 1272836
    Buffer overflow vulnerability in Lotus Notes file viewers (multiple file formats)

    Source: CCN
    Type: activePDF Web site
    activePDF DocConverter

    Source: CCN
    Type: BID-26175
    Autonomy KeyView Multiple Buffer Overflow Vulnerabilities

    Source: XF
    Type: UNKNOWN
    lotus-exe-portable-bo(37377)

    Source: CCN
    Type: ZDI-07-059
    Verity KeyView SDK Multiple File Format Parsing Vulnerabilities

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:autonomy:keyview_export_sdk:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_filter_sdk:9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_viewer_sdk:9.2.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security_appliance:5.0.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*

  • * Denotes that component is vulnerable
    activepdf docconverter 3.8.2_.5
    autonomy keyview export sdk *
    autonomy keyview filter sdk *
    autonomy keyview viewer sdk *
    ibm lotus notes *
    symantec mail security 5.0
    symantec mail security 5.0
    symantec mail security 5.0.0
    symantec mail security 5.0.0.24
    symantec mail security 5.0.1
    symantec mail security 7.5
    autonomy keyview export sdk 9.2.0
    autonomy keyview filter sdk 9.2.0
    autonomy keyview viewer sdk 9.2.0
    ibm lotus notes 6.5
    ibm lotus notes 7.0
    symantec mail security 5.0.1
    ibm lotus notes 8.0
    symantec mail security appliance 5.0.0.24
    symantec mail security 5.0.0