Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6593

Overview

Vulnerability Score 8.8 8.8
CVE Id CVE-2007-6593
Last Modified 07 Mar 2011 10:03:15
Published 28 Dec 2007 04:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6593

Summary

Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909.

Vulnerable Systems

Application

  • Ibm Lotus Notes 5.0

  • Ibm Lotus Notes 6.0

  • Ibm Lotus Notes 6.5

  • Ibm Lotus Notes 7.0

  • Ibm Lotus Notes 8.0


References

XF - lotus-123fileviewer-bo(38645)

VUPEN - ADV-2007-4020

VUPEN - ADV-2007-4012

BUGTRAQ - 20071127 CORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor

CONFIRM - http://www.ibm.com/support/docview.wss?rs=475&uid=swg21285600

MISC - http://www.coresecurity.com/index.php5?action=item&id=2008

SECTRACK - 1019002

SECUNIA - 27849

SECUNIA - 27836

SECUNIA - 27835

SECTRACK - 1019096

BID - 26604

SREASON - 3499


Last Updated: 27 May 2016 10:46:32