Vulnerability Details CVE-2007-5405
Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.412
EPSS Ranking 97.2%
CVSS Severity
CVSS v2 Score 9.3
References
- http://secunia.com/advisories/27763
- http://secunia.com/advisories/28140
- http://secunia.com/advisories/28209
- http://secunia.com/advisories/28210
- http://secunia.com/advisories/29342
- http://secunia.com/secunia_research/2007-95/advisory/
- http://secunia.com/secunia_research/2007-96/advisory/
- http://secunia.com/secunia_research/2007-97/advisory/
- http://secunia.com/secunia_research/2007-98/advisory/
- http://securitytracker.com/id?1019805
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
- http://www.securityfocus.com/archive/1/490825/100/0/threaded
- http://www.securityfocus.com/archive/1/490837/100/0/threaded
- http://www.securityfocus.com/archive/1/490838/100/0/threaded
- http://www.securityfocus.com/archive/1/490839/100/0/threaded
- http://www.securityfocus.com/bid/28454
- http://www.securitytracker.com/id?1019844
- http://www.symantec.com/avcenter/security/Content/2008.04.08e.html
- http://www.vupen.com/english/advisories/2008/1153
- http://www.vupen.com/english/advisories/2008/1154
- http://www.vupen.com/english/advisories/2008/1156
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41721
- http://secunia.com/advisories/27763
- http://secunia.com/advisories/28140
- http://secunia.com/advisories/28209
- http://secunia.com/advisories/28210
- http://secunia.com/advisories/29342
- http://secunia.com/secunia_research/2007-95/advisory/
- http://secunia.com/secunia_research/2007-96/advisory/
- http://secunia.com/secunia_research/2007-97/advisory/
- http://secunia.com/secunia_research/2007-98/advisory/
- http://securitytracker.com/id?1019805
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
- http://www.securityfocus.com/archive/1/490825/100/0/threaded
- http://www.securityfocus.com/archive/1/490837/100/0/threaded
- http://www.securityfocus.com/archive/1/490838/100/0/threaded
- http://www.securityfocus.com/archive/1/490839/100/0/threaded
- http://www.securityfocus.com/bid/28454
- http://www.securitytracker.com/id?1019844
- http://www.symantec.com/avcenter/security/Content/2008.04.08e.html
- http://www.vupen.com/english/advisories/2008/1153
- http://www.vupen.com/english/advisories/2008/1154
- http://www.vupen.com/english/advisories/2008/1156
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41721
Products affected by CVE-2007-5405
-
cpe:2.3:a:activepdf:docconverter:3.8.2_.5
-
cpe:2.3:a:activepdf:docconverter:3.8.4.0
-
cpe:2.3:a:autonomy:keyview:10.3.0.0
-
cpe:2.3:a:autonomy:keyview:2.0.0.2
-
cpe:2.3:a:ibm:lotus_notes:6.0
-
cpe:2.3:a:ibm:lotus_notes:6.5
-
cpe:2.3:a:ibm:lotus_notes:7.0
-
cpe:2.3:a:ibm:lotus_notes:7.0.2
-
cpe:2.3:a:ibm:lotus_notes:7.0.3
-
cpe:2.3:a:symantec:mail_security:5.0
-
cpe:2.3:a:symantec:mail_security:5.0.0
-
cpe:2.3:a:symantec:mail_security:5.0.1
-
cpe:2.3:a:symantec:mail_security:7.5
-
cpe:2.3:a:symantec:mail_security_appliance:5.0