CVE-2007-5405: Buffer Overflow
First published: Thu Apr 10 2008(Updated: )
Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ActivePDF DocConverter | =3.8.2_.5 | |
| ActivePDF DocConverter | =3.8.4.0 | |
| Verity KeyView Viewing SDK | =2.0.0.2 | |
| Verity KeyView Viewing SDK | =10.3.0.0 | |
| IBM Lotus Notes | =6.0 | |
| IBM Lotus Notes | =6.5 | |
| IBM Lotus Notes | =7.0 | |
| IBM Lotus Notes | =7.0.2 | |
| IBM Lotus Notes | =7.0.3 | |
| Symantec Mail Security | =5.0 | |
| Symantec Mail Security | =5.0.0 | |
| Symantec Mail Security | =5.0.1 | |
| Symantec Mail Security | =7.5 | |
| Symantec Mail Security Appliance | =5.0 | |
| Symantec Mail Security appliance | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/secunia_research/2007-95/advisory/
- http://secunia.com/secunia_research/2007-96/advisory/
- http://secunia.com/secunia_research/2007-97/advisory/
- http://secunia.com/secunia_research/2007-98/advisory/
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
- http://www.symantec.com/avcenter/security/Content/2008.04.08e.html
- http://www.securityfocus.com/bid/28454
- http://securitytracker.com/id?1019805
- http://secunia.com/advisories/27763
- http://secunia.com/advisories/28140
- http://secunia.com/advisories/28209
- http://secunia.com/advisories/28210
- http://secunia.com/advisories/29342
- http://www.securitytracker.com/id?1019844
- http://www.vupen.com/english/advisories/2008/1153
- http://www.vupen.com/english/advisories/2008/1154
- http://www.vupen.com/english/advisories/2008/1156
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41721
- http://www.securityfocus.com/archive/1/490839/100/0/threaded
- http://www.securityfocus.com/archive/1/490838/100/0/threaded
- http://www.securityfocus.com/archive/1/490837/100/0/threaded
- http://www.securityfocus.com/archive/1/490825/100/0/threaded
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm lotus notes
- version/ibm lotus notes/6.0
- vendor/symantec
- canonical/symantec mail security appliance
- version/symantec mail security appliance/5.0
- canonical/symantec mail security
- version/symantec mail security/5.0.1
- vendor/autonomy
- canonical/verity keyview viewing sdk
- version/verity keyview viewing sdk/10.3.0.0
- vendor/activepdf
- canonical/activepdf docconverter
- version/activepdf docconverter/3.8.4.0
- version/verity keyview viewing sdk/2.0.0.2
- version/ibm lotus notes/7.0
- version/ibm lotus notes/7.0.3
- version/symantec mail security/7.5
- version/activepdf docconverter/3.8.2_.5
- version/ibm lotus notes/6.5
- version/symantec mail security/5.0
- version/ibm lotus notes/7.0.2
- version/symantec mail security/5.0.0