[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-5399Date: (C)2008-04-10   (M)2023-12-22


Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1019842
http://www.securityfocus.com/archive/1/490832/100/0/threaded
http://www.securityfocus.com/archive/1/490833/100/0/threaded
SECUNIA-28209
SECUNIA-28210
BID-28454
ADV-2008-1153
ADV-2008-1156
autonomy-keyview-eml-multiple-bo(41723)
http://secunia.com/secunia_research/2007-91/advisory/
http://secunia.com/secunia_research/2007-92/advisory/
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453

CPE    5
cpe:/a:ibm:lotus_notes:7.0.3
cpe:/a:ibm:lotus_notes:7.0.2
cpe:/a:ibm:lotus_notes:6.5
cpe:/a:ibm:lotus_notes:7.0
...
CWE    1
CWE-119

© SecPod Technologies