Vulnerability Name: CVE-2008-0066 (CCN-41724)
Assigned: 2008-04-08
Published: 2008-04-08
Updated: 2018-10-15
Summary: Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
    Source: MITRE Type: CNA CVE-2008-0066
    Source: CCN Type: SA28140 activePDF DocConverter Multiple Parsing Vulnerabilities
    Source: SECUNIA Type: Vendor Advisory 28140
    Source: CCN Type: SA28209 Autonomy Keyview SDK Multiple Buffer Overflows
    Source: SECUNIA Type: Vendor Advisory 28209
    Source: CCN Type: SA28210 Lotus Notes Multiple Keyview Parsing Vulnerabilities
    Source: SECUNIA Type: Vendor Advisory 28210
    Source: CCN Type: Secunia Research 08/04/2008 Lotus Notes htmsr.dll Buffer Overflows
    Source: MISC Type: Vendor Advisory http://secunia.com/secunia_research/2008-3/advisory/
    Source: CCN Type: SECTRACK ID: 1019843 IBM Lotus Notes Buffer Overflows in HTML Speed Reader Lets Remote Users Execute Arbitrary Code
    Source: CCN Type: IBM Technote (FAQ) 1298453 Potential security vulnerabilities in Lotus Notes file viewers for Applix Presents, Folio Flat File, HTML speed reader, KeyView and MIME
    Source: CONFIRM Type: UNKNOWN http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
    Source: CCN Type: IBM Web site Lotus Notes
    Source: CCN Type: OSVDB ID: 44191 Autonomy Keyview Multiple Products HTML Speed Reader (htmsr.dll) Multiple Tag Handling Overflows
    Source: BUGTRAQ Type: UNKNOWN 20080414 Secunia Research: Lotus Notes htmsr.dll Buffer Overflows
    Source: BID Type: UNKNOWN 28454
    Source: CCN Type: BID-28454 Autonomy KeyView Module Multiple Buffer Overflow Vulnerabilities
    Source: SECTRACK Type: UNKNOWN 1019843
    Source: VUPEN Type: UNKNOWN ADV-2008-1153
    Source: VUPEN Type: UNKNOWN ADV-2008-1156
    Source: XF Type: UNKNOWN autonomy-keyview-html-multiple-bo(41724)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable