正文

keyview_filter_sdk,keyview_viewer_sdk,keyview_export_sdk 缓冲区溢出代码执行漏洞

admin
admin V管理员 /0 评论 /6 阅读
0413
此篇文章发布距今已超过1185天,您需要注意文章的内容或图片是否可用!

CVE编号

CVE-2007-5909

利用情况

暂无

补丁情况

N/A

披露时间

2007-11-10
漏洞描述
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
http://secunia.com/advisories/27304
http://securityreason.com/securityalert/3357
http://securityresponse.symantec.com/avcenter/security/Content/2007.11.01c.html
http://securitytracker.com/id?1018853
http://securitytracker.com/id?1018886
http://vuln.sg/lotusnotes702-en.html
http://vuln.sg/lotusnotes702doc-en.html
http://vuln.sg/lotusnotes702mif-en.html
http://vuln.sg/lotusnotes702sam-en.html
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21272836
http://www.securityfocus.com/archive/1/482664
http://www.securityfocus.com/archive/1/483102/100/0/threaded
http://www.securityfocus.com/bid/26175
http://www.vupen.com/english/advisories/2007/3596
http://www.vupen.com/english/advisories/2007/3697
http://www.zerodayinitiative.com/advisories/ZDI-07-059.html
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 activepdf docconverter 3.8.2_.5 -
运行在以下环境
应用 autonomy keyview_export_sdk * Up to
(including)
9.2.0
运行在以下环境
应用 autonomy keyview_filter_sdk * Up to
(including)
9.2.0
运行在以下环境
应用 autonomy keyview_viewer_sdk * Up to
(including)
9.2.0
运行在以下环境
应用 ibm lotus_notes * Up to
(including)
7.0.2
运行在以下环境
应用 symantec mail_security 5.0 -
运行在以下环境
应用 symantec mail_security 5.0.0 -
运行在以下环境
应用 symantec mail_security 5.0.0.24 -
运行在以下环境
应用 symantec mail_security 5.0.1 -
运行在以下环境
应用 symantec mail_security 7.5 -
CVSS3评分 9.3
  • 攻击路径 网络
  • 攻击复杂度 N/A
  • 权限要求 无
  • 影响范围 N/A
  • 用户交互 需要
  • 可用性 完全地
  • 保密性 完全地
  • 完整性 完全地
AV:N/AC:M/Au:N/C:C/I:C/A:C CWE-ID 漏洞类型 CWE-119 内存缓冲区边界内操作的限制不恰当