Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-0066
Last Modified 07 Mar 2011 10:03:52
Published 10 Apr 2008 02:05:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0066

Summary

Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.

Vulnerable Systems

Application

  • Autonomy KeyView

  • IBM Lotus Notes 7.0.2

  • IBM Lotus Notes 7.0.3


References

XF - autonomy-keyview-html-multiple-bo(41724)

VUPEN - ADV-2008-1156

VUPEN - ADV-2008-1153

SECTRACK - 1019843

BID - 28454

BUGTRAQ - 20080414 Secunia Research: Lotus Notes htmsr.dll Buffer Overflows

CONFIRM - http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453

MISC - http://secunia.com/secunia_research/2008-3/advisory/

SECUNIA - 28210

SECUNIA - 28209

SECUNIA - 28140


Last Updated: 27 May 2016 10:46:39