Autonomy Keyview Filter Sdk prior 9.2.0 kpagrdr.dll memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.0 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Autonomy Keyview Filter Sdk. It has been classified as critical. This vulnerability affects unknown code in the library kpagrdr.dll. This manipulation causes memory corruption. This vulnerability is registered as CVE-2007-5909. No exploit is available. Upgrading the affected component is recommended.
Details
A vulnerability was found in Autonomy Keyview Filter Sdk. It has been declared as critical. Affected by this vulnerability is an unknown code block in the library kpagrdr.dll. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.
The weakness was published 11/09/2007 by Tan Chew Keong with Zero Day Initiative (Website). The advisory is shared at securityfocus.com. This vulnerability is known as CVE-2007-5909 since 11/09/2007. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details are known, but no exploit is available.
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 27534 (Lotus Notes Client < 7.0.3 / 8.0.1 Multiple Overflows), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows and running in the context l.
Upgrading to version 9.2.0 eliminates this vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 5753.
The vulnerability is also documented in the databases at X-Force (37373), Tenable (27534), SecurityFocus (BID 26175†), OSVDB (40792†) and Secunia (SA27304†). Similar entries are available at VDB-39456, VDB-39741 and VDB-39626. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 9.0
VulDB Base Score: 10.0
VulDB Temp Score: 9.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 27534
Nessus Name: Lotus Notes Client < 7.0.3 / 8.0.1 Multiple Overflows
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Saint ID: exploit_info/lotus_notes_mif_viewer
Saint Name: Lotus Notes MIF attachment viewer buffer overflow
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Keyview Filter Sdk 9.2.0
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
10/23/2007 🔍10/23/2007 🔍
10/23/2007 🔍
10/23/2007 🔍
10/24/2007 🔍
10/28/2007 🔍
11/09/2007 🔍
11/09/2007 🔍
11/09/2007 🔍
03/16/2015 🔍
07/29/2019 🔍
Sources
Advisory: securityfocus.com⛔Researcher: Tan Chew Keong
Organization: Zero Day Initiative
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2007-5909 (🔍)
GCVE (CVE): GCVE-0-2007-5909
GCVE (VulDB): GCVE-100-39625
X-Force: 37373
SecurityFocus: 26175 - Autonomy KeyView Multiple Buffer Overflow Vulnerabilities
Secunia: 27304
OSVDB: 40792 - Autonomy KeyView Multiple Products lasr.dll SAM File Handling Overflow
SecurityTracker: 1018853
Vulnerability Center: 16668 - Symantec Mail Security Autonomy KeyView Vulnerability Allows Code Execution, Medium
Vupen: ADV-2007-3596
See also: 🔍
Entry
Created: 03/16/2015 13:43Updated: 07/29/2019 09:57
Changes: 03/16/2015 13:43 (81), 07/29/2019 09:57 (6)
Complete: 🔍
Cache ID: 216:775:103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.