Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Activepdf
  • Docconverter
Symantec
  • Mail Security
  • Mail Security Appliance
Ibm
  • Lotus Notes
Autonomy
  • Keyview

Configuration 1 [-]

OR cpe:2.3:a:activepdf:docconverter:3.8.2_.5:*:*:*:*:*:*:*
cpe:2.3:a:activepdf:docconverter:3.8.4.0:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview:10.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0:*:microsoft_exchange:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:7.5:*:domino:*:*:*:*:*
cpe:2.3:a:symantec:mail_security_appliance:5.0:*:*:*:*:*:*:*
References
Link Resource
http://secunia.com/advisories/27763 Vendor Advisory
http://secunia.com/advisories/28140 Vendor Advisory
http://secunia.com/advisories/28209 Vendor Advisory
http://secunia.com/advisories/28210 Vendor Advisory
http://secunia.com/advisories/29342 Vendor Advisory
http://secunia.com/secunia_research/2007-95/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-96/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-97/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2007-98/advisory/ Vendor Advisory
http://securitytracker.com/id?1019805
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
http://www.securityfocus.com/archive/1/490825/100/0/threaded
http://www.securityfocus.com/archive/1/490837/100/0/threaded
http://www.securityfocus.com/archive/1/490838/100/0/threaded
http://www.securityfocus.com/archive/1/490839/100/0/threaded
http://www.securityfocus.com/bid/28454
http://www.securitytracker.com/id?1019844
http://www.symantec.com/avcenter/security/Content/2008.04.08e.html
http://www.vupen.com/english/advisories/2008/1153
http://www.vupen.com/english/advisories/2008/1154
http://www.vupen.com/english/advisories/2008/1156
https://exchange.xforce.ibmcloud.com/vulnerabilities/41721
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: flexera

Published: 2008-04-10T18:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-10-12T00:00:00

Link: CVE-2007-5405

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2008-04-10T18:05:00.000

Modified: 2018-10-15T21:44:31.827

Link: CVE-2007-5405

JSON object: View

cve-icon Redhat Information

No data.

CWE