CVE-2007-5406
First published: Thu Apr 10 2008(Updated: )
kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Lotus Notes | =6.0 | |
| IBM Lotus Notes | =6.5 | |
| IBM Lotus Notes | =7.0 | |
| IBM Lotus Notes | =8.0 | |
| IBM Lotus Notes | =8.0.1 | |
| Symantec Mail Security | <=7.5 | |
| Symantec Mail Security | =5.0 | |
| Symantec Mail Security | =5.0 | |
| Symantec Mail Security | =5.0.0 | |
| Symantec Mail Security | =5.0.1 | |
| Autonomy KeyView |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/secunia_research/2007-95/advisory/
- http://secunia.com/secunia_research/2007-96/advisory/
- http://secunia.com/secunia_research/2007-97/advisory/
- http://secunia.com/secunia_research/2007-98/advisory/
- http://www.securityfocus.com/bid/28454
- http://securitytracker.com/id?1019805
- http://secunia.com/advisories/27763
- http://secunia.com/advisories/28140
- http://secunia.com/advisories/28209
- http://secunia.com/advisories/28210
- http://secunia.com/advisories/29342
- http://www.securitytracker.com/id?1019844
- http://www.vupen.com/english/advisories/2008/1153
- http://www.vupen.com/english/advisories/2008/1154
- http://www.vupen.com/english/advisories/2008/1156
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41722
- http://www.securityfocus.com/archive/1/490839/100/0/threaded
- http://www.securityfocus.com/archive/1/490838/100/0/threaded
- http://www.securityfocus.com/archive/1/490837/100/0/threaded
- http://www.securityfocus.com/archive/1/490825/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm lotus notes
- version/ibm lotus notes/6.0
- version/ibm lotus notes/6.5
- version/ibm lotus notes/7.0
- version/ibm lotus notes/8.0
- version/ibm lotus notes/8.0.1
- vendor/symantec
- canonical/symantec mail security
- version/symantec mail security/7.5
- version/symantec mail security/5.0
- version/symantec mail security/5.0.0
- version/symantec mail security/5.0.1
- vendor/autonomy
- canonical/autonomy keyview