Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2007-5399
Last Modified 07 Mar 2011 10:00:38
Published 10 Apr 2008 02:05:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5399

Summary

Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename.

Vulnerable Systems

Application

  • Autonomy KeyView 10.3.0.0

  • IBM Lotus Notes 6.0

  • IBM Lotus Notes 6.5

  • IBM Lotus Notes 7.0

  • IBM Lotus Notes 7.0.2

  • IBM Lotus Notes 7.0.3


References

XF - autonomy-keyview-eml-multiple-bo(41723)

VUPEN - ADV-2008-1156

VUPEN - ADV-2008-1153

SECTRACK - 1019842

BID - 28454

BUGTRAQ - 20080414 Secunia Research: Lotus Notes EML Reader Buffer Overflows

BUGTRAQ - 20080414 Secunia Research: Autonomy Keyview EML Reader Buffer Overflows

CONFIRM - http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453

MISC - http://secunia.com/secunia_research/2007-92/advisory/

MISC - http://secunia.com/secunia_research/2007-91/advisory/

SECUNIA - 28210

SECUNIA - 28209


Last Updated: 27 May 2016 10:46:10