CVE-2007-5406 - kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView

CVE-2007-5406

Summary

kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file. IBM description: http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453 Symantec description: http://www.symantec.com/avcenter/security/Content/2008.04.08e.html

References

Vulnerable Configurations

cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0:*:microsoft_exchange:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0:*:microsoft_exchange:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:4.0:*:domino:*:*:*:*:*
cpe:2.3:a:symantec:mail_security:4.0:*:domino:*:*:*:*:*
cpe:2.3:a:autonomy:keyview:*:*:*:*:*:*:*:*
cpe:2.3:a:autonomy:keyview:*:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 15-10-2018 - 21:44)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	28454
bugtraq	20080414 Secunia Research: Autonomy Keyview Applix Graphics ParsingVulnerabilities 20080414 Secunia Research: Lotus Notes Applix Graphics ParsingVulnerabilities 20080414 Secunia Research: Symantec Mail Security Applix Graphics ParsingVulnerabilities 20080414 Secunia Research: activePDF DocConverter Applix Graphics ParsingVulnerabilities
misc	http://secunia.com/secunia_research/2007-95/advisory/ http://secunia.com/secunia_research/2007-96/advisory/ http://secunia.com/secunia_research/2007-97/advisory/ http://secunia.com/secunia_research/2007-98/advisory/
sectrack	1019805 1019844
secunia	27763 28140 28209 28210 29342
vupen	ADV-2008-1153 ADV-2008-1154 ADV-2008-1156
xf	autonomy-keyview-applix-dos(41722)

saint via4

bid	28454
description	Lotus Notes Applix Graphics viewer BEGIN tag buffer overflow
id	mail_client_notesapplix
osvdb	44194
title	lotus_notes_ag_viewer_begin
type	client

Last major update

15-10-2018 - 21:44

Published

10-04-2008 - 18:05

Last modified

15-10-2018 - 21:44