Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Activepdf
  • Docconverter
Autonomy
  • Keyview Viewer Sdk
  • Keyview Filter Sdk
  • Keyview Export Sdk
Symantec
  • Mail Security
Ibm
  • Lotus Notes

Configuration 1 [-]

OR cpe:2.3:a:activepdf:docconverter:3.8.2_.5:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_export_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_filter_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview_viewer_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0:*:appliance:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0:*:microsoft_exchange:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.0.24:*:appliance:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:7.5:*:domino:*:*:*:*:*
References
Link Resource
http://secunia.com/advisories/27304 Patch Vendor Advisory
http://securityreason.com/securityalert/3357
http://securityresponse.symantec.com/avcenter/security/Content/2007.11.01c.html
http://securitytracker.com/id?1018853
http://securitytracker.com/id?1018886
http://vuln.sg/lotusnotes702-en.html
http://vuln.sg/lotusnotes702doc-en.html
http://vuln.sg/lotusnotes702mif-en.html
http://vuln.sg/lotusnotes702sam-en.html
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21272836
http://www.securityfocus.com/archive/1/482664
http://www.securityfocus.com/archive/1/483102/100/0/threaded
http://www.securityfocus.com/bid/26175 Patch
http://www.vupen.com/english/advisories/2007/3596
http://www.vupen.com/english/advisories/2007/3697
http://www.zerodayinitiative.com/advisories/ZDI-07-059.html
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-10T02:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-11-09T00:00:00

Link: CVE-2007-5909

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2007-11-10T02:46:00.000

Modified: 2018-10-15T21:47:10.707

Link: CVE-2007-5909

JSON object: View

cve-icon Redhat Information

No data.

CWE