[Forgot Password]
Login  Register Subscribe

23631

 
 

119105

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-5399

Date: (C)2008-04-10   (M)2017-08-01 


Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename.

CVSS Score: 9.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECTRACK-1019842
http://www.securityfocus.com/archive/1/archive/1/490832/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/490833/100/0/threaded
SECUNIA-28209
SECUNIA-28210
BID-28454
ADV-2008-1153
ADV-2008-1156
IAVM:2008-B-0039
autonomy-keyview-eml-multiple-bo(41723)
http://secunia.com/secunia_research/2007-91/advisory/
http://secunia.com/secunia_research/2007-92/advisory/
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453

CPE    5
cpe:/a:ibm:lotus_notes:7.0.3
cpe:/a:ibm:lotus_notes:7.0.2
cpe:/a:ibm:lotus_notes:6.5
cpe:/a:ibm:lotus_notes:6.0
...
CWE    1
CWE-119

© 2013 SecPod Technologies