Vulnerability Details CVE-2007-6020
Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.472
EPSS Ranking 97.5%
CVSS Severity
CVSS v2 Score 9.3
References
- http://secunia.com/advisories/27763
- http://secunia.com/advisories/28140
- http://secunia.com/advisories/28209
- http://secunia.com/advisories/28210
- http://secunia.com/advisories/29342
- http://secunia.com/secunia_research/2007-104/advisory/
- http://secunia.com/secunia_research/2007-105/advisory/
- http://secunia.com/secunia_research/2007-106/advisory/
- http://secunia.com/secunia_research/2007-107/advisory/
- http://securitytracker.com/id?1019805
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
- http://www.securityfocus.com/archive/1/490827/100/0/threaded
- http://www.securityfocus.com/archive/1/490829/100/0/threaded
- http://www.securityfocus.com/archive/1/490830/100/0/threaded
- http://www.securityfocus.com/archive/1/490831/100/0/threaded
- http://www.securityfocus.com/bid/28454
- http://www.securitytracker.com/id?1019841
- http://www.symantec.com/avcenter/security/Content/2008.04.08e.html
- http://www.vupen.com/english/advisories/2008/1153
- http://www.vupen.com/english/advisories/2008/1154
- http://www.vupen.com/english/advisories/2008/1156
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41716
- http://secunia.com/advisories/27763
- http://secunia.com/advisories/28140
- http://secunia.com/advisories/28209
- http://secunia.com/advisories/28210
- http://secunia.com/advisories/29342
- http://secunia.com/secunia_research/2007-104/advisory/
- http://secunia.com/secunia_research/2007-105/advisory/
- http://secunia.com/secunia_research/2007-106/advisory/
- http://secunia.com/secunia_research/2007-107/advisory/
- http://securitytracker.com/id?1019805
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
- http://www.securityfocus.com/archive/1/490827/100/0/threaded
- http://www.securityfocus.com/archive/1/490829/100/0/threaded
- http://www.securityfocus.com/archive/1/490830/100/0/threaded
- http://www.securityfocus.com/archive/1/490831/100/0/threaded
- http://www.securityfocus.com/bid/28454
- http://www.securitytracker.com/id?1019841
- http://www.symantec.com/avcenter/security/Content/2008.04.08e.html
- http://www.vupen.com/english/advisories/2008/1153
- http://www.vupen.com/english/advisories/2008/1154
- http://www.vupen.com/english/advisories/2008/1156
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41716
Products affected by CVE-2007-6020
-
cpe:2.3:a:activepdf:docconverter:3.8.4.0
-
cpe:2.3:a:autonomy:keyview:10.3.0.0
-
cpe:2.3:a:autonomy:keyview:2.0.0.2
-
cpe:2.3:a:ibm:lotus_notes:6.0
-
cpe:2.3:a:ibm:lotus_notes:6.5
-
cpe:2.3:a:ibm:lotus_notes:7.0
-
cpe:2.3:a:ibm:lotus_notes:7.0.2
-
cpe:2.3:a:ibm:lotus_notes:7.0.3
-
cpe:2.3:a:symantec:mail_security:5.0
-
cpe:2.3:a:symantec:mail_security:5.0.0
-
cpe:2.3:a:symantec:mail_security:5.0.1
-
cpe:2.3:a:symantec:mail_security:7.5
-
cpe:2.3:a:symantec:mail_security_appliance:5.0