Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6020

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-6020
Last Modified 07 Mar 2011 10:01:40
Published 10 Apr 2008 02:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6020

Summary

Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file.

Vulnerable Systems

Application

  • Activepdf Docconverter 3.8.4.0

  • Autonomy Keyview 10.3.0.0

  • Autonomy Keyview 2.0.0.2

  • Ibm Lotus Notes 6.0

  • Ibm Lotus Notes 6.5

  • Ibm Lotus Notes 7.0

  • Ibm Lotus Notes 7.0.2

  • Ibm Lotus Notes 7.0.3

  • Symantec Mail Security 5.0

  • Symantec Mail Security 5.0.0

  • Symantec Mail Security 5.0.1

  • Symantec Mail Security 7.5

  • Symantec Mail Security Appliance 5.0


References

XF - autonomy-keyview-foliosr-bo(41716)

VUPEN - ADV-2008-1156

VUPEN - ADV-2008-1154

VUPEN - ADV-2008-1153

CONFIRM - http://www.symantec.com/avcenter/security/Content/2008.04.08e.html

SECTRACK - 1019841

BID - 28454

BUGTRAQ - 20080414 Secunia Research: Lotus Notes Folio Flat File Parsing BufferOverflows

BUGTRAQ - 20080414 Secunia Research: Symantec Mail Security Folio Flat File ParsingBuffer Overflows

BUGTRAQ - 20080414 Secunia Research: Autonomy Keyview Folio Flat File Parsing BufferOverflows

BUGTRAQ - 20080414 Secunia Research: activePDF DocConverter Folio Flat File ParsingBuffer Overflows

CONFIRM - http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453

SECTRACK - 1019805

MISC - http://secunia.com/secunia_research/2007-107/advisory/

MISC - http://secunia.com/secunia_research/2007-106/advisory/

MISC - http://secunia.com/secunia_research/2007-105/advisory/

MISC - http://secunia.com/secunia_research/2007-104/advisory/

SECUNIA - 29342

SECUNIA - 28210

SECUNIA - 28209

SECUNIA - 28140

SECUNIA - 27763


Last Updated: 27 May 2016 10:46:22