Vulnerability Name:

CVE-2007-5910 (CCN-37357)

Assigned: 2007-10-23
Published: 2007-10-23
Updated: 2011-03-08
Summary: Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a crafted WordPerfect (WPD) file.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:

Source: CCN
Type: Autonomy Web site
Autonomy Support Site

Source: MITRE
Type: CNA
CVE-2007-5910

Source: CCN
Type: SA27304
Verity Keyview SDK Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
27304

Source: CCN
Type: SA27317
IBM Lotus Notes WordPerfect File Viewer Vulnerability

Source: CCN
Type: SA27376
activePDF DocConverter File Parsing Buffer Overflows

Source: CCN
Type: SA27388
Symantec Mail Security for Domino File Parsing Vulnerabilities

Source: CCN
Type: SA27429
Symantec Mail Security for Exchange File Parsing Vulnerabilities

Source: CCN
Type: SA27498
Symantec Mail Security Appliance File Parsing Vulnerabilities

Source: SREASON
Type: UNKNOWN
3357

Source: CCN
Type: SYM07-027
Symantec Mail Security KeyView Module Multiple Buffer Overflow

Source: CONFIRM
Type: UNKNOWN
http://securityresponse.symantec.com/avcenter/security/Content/2007.11.01c.html

Source: CCN
Type: SECTRACK ID: 1018853
IBM Lotus Notes Buffer Overflows in File Attachment Viewer Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1018853

Source: CCN
Type: SECTRACK ID: 1018886
Symantec Mail Security Buffer Overflows in KeyView Module Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1018886

Source: MISC
Type: UNKNOWN
http://vuln.sg/lotusnotes702-en.html

Source: CCN
Type: vuln.sg Vulnerability Research Advisory 2007-10-23
IBM Lotus Notes wp6sr.dll WPD Attachment Viewer Buffer Overflow

Source: MISC
Type: UNKNOWN
http://vuln.sg/lotusnotes702wpd-en.html

Source: CONFIRM
Type: UNKNOWN
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111

Source: CCN
Type: IBM Technote (FAQ) 1271111
Buffer overflow vulnerability in Lotus Notes file viewers (.wpd, .sam, .doc, and .mif )

Source: CCN
Type: activePDF Web site
activePDF DocConverter

Source: CCN
Type: OSVDB ID: 40783
Autonomy KeyView Multiple Products Crafted WordPerfect (WPD) File Handling Overflow

Source: CCN
Type: OSVDB ID: 40786
Autonomy KeyView Multiple Products kpagrdr.dll AG File Handling Overflow

Source: CCN
Type: OSVDB ID: 40787
Autonomy KeyView Multiple Products awsr.dll AW File Handling Overflow

Source: CCN
Type: OSVDB ID: 40788
Autonomy KeyView Multiple Products exesr.dll EXE / DLL File Handling Overflow

Source: CCN
Type: OSVDB ID: 40789
Autonomy KeyView Multiple Products mwsr.dll DOC File Handling Overflow

Source: CCN
Type: OSVDB ID: 40790
Autonomy KeyView Multiple Products rtfsr.dll RTF File Handling Overflow

Source: CCN
Type: OSVDB ID: 40791
Autonomy KeyView Multiple Products mifsr.dll MIF File Handling Overflow

Source: CCN
Type: OSVDB ID: 40792
Autonomy KeyView Multiple Products lasr.dll SAM File Handling Overflow

Source: CCN
Type: OSVDB ID: 40950
IBM Lotus Notes WordPerfect File Viewer (wp6sr.dll) Document Handling Overflow

Source: BUGTRAQ
Type: UNKNOWN
20071023 [vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities

Source: BID
Type: UNKNOWN
26175

Source: CCN
Type: BID-26175
Autonomy KeyView Multiple Buffer Overflow Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2007-3596

Source: VUPEN
Type: UNKNOWN
ADV-2007-3697

Source: XF
Type: UNKNOWN
lotus-wp6sr-wpd-bo(37357)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:activepdf:docconverter:3.8.2_.5:*:*:*:*:*:*:*
  • OR cpe:/a:autonomy:keyview_export_sdk:*:*:*:*:*:*:*:* (Version <= 9.2.0)
  • OR cpe:/a:autonomy:keyview_filter_sdk:*:*:*:*:*:*:*:* (Version <= 9.2.0)
  • OR cpe:/a:autonomy:keyview_viewer_sdk:*:*:*:*:*:*:*:* (Version <= 9.2.0)
  • OR cpe:/a:ibm:lotus_notes:*:*:*:*:*:*:*:* (Version <= 7.0.2)
  • OR cpe:/a:symantec:mail_security:5.0:*:appliance:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0:*:microsoft_exchange:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.0.24:*:appliance:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
  • OR cpe:/a:symantec:mail_security:7.5:*:domino:*:*:*:*:*

  • * Denotes that component is vulnerable
    activepdf docconverter 3.8.2_.5
    autonomy keyview export sdk *
    autonomy keyview filter sdk *
    autonomy keyview viewer sdk *
    ibm lotus notes *
    symantec mail security 5.0
    symantec mail security 5.0
    symantec mail security 5.0.0
    symantec mail security 5.0.0.24
    symantec mail security 5.0.1
    symantec mail security 7.5