CVE-2007-5405

Sažetak

Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag.

Reference

http://secunia.com/advisories/27763
http://secunia.com/advisories/28140
http://secunia.com/advisories/28209
http://secunia.com/advisories/28210
http://secunia.com/advisories/29342
http://secunia.com/secunia_research/2007-95/advisory/
http://secunia.com/secunia_research/2007-96/advisory/
http://secunia.com/secunia_research/2007-97/advisory/
http://secunia.com/secunia_research/2007-98/advisory/
http://securitytracker.com/id?1019805
http://www.securityfocus.com/archive/1/490825/100/0/threaded
http://www.securityfocus.com/archive/1/490837/100/0/threaded
http://www.securityfocus.com/archive/1/490838/100/0/threaded
http://www.securityfocus.com/archive/1/490839/100/0/threaded
http://www.securityfocus.com/bid/28454
http://www.securitytracker.com/id?1019844
http://www.symantec.com/avcenter/security/Content/2008.04.08e.html
http://www.vupen.com/english/advisories/2008/1153
http://www.vupen.com/english/advisories/2008/1154
http://www.vupen.com/english/advisories/2008/1156
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
https://exchange.xforce.ibmcloud.com/vulnerabilities/41721

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

15-10-2018 - 21:44

Objavljeno

10-04-2008 - 18:05