|
 |
|
Verity KeyView SDK Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA16100
|
|
|
Release Date:
|
2006-02-10
|
|
Last Update:
|
2006-02-20
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Verity KeyView Export SDK 7.x
Verity KeyView Export SDK 8.x
Verity KeyView Export SDK 9.x
Verity KeyView Filter SDK 7.x
Verity KeyView Filter SDK 8.x
Verity KeyView Filter SDK 9.x
Verity KeyView Viewer SDK 7.x
Verity KeyView Viewer SDK 8.x
Verity KeyView Viewer SDK 9.x
|
| | CVE reference: | CVE-2005-2618 (Secunia mirror)
CVE-2005-2619 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Secunia Research has discovered multiple vulnerabilities in Verity KeyView SDK, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system.
1) A boundary error in kvarcve.dll when constructing the full pathname of a compressed file to check for its existence before extracting it from a ZIP archive can be exploited to cause a stack-based buffer overflow.
Successful exploitation allows execution of arbitrary code when a compressed file with a long filename is extracted from within an application using the vulnerable viewer.
2) A boundary error in uudrdr.dll when handling UUE files containing an encoded file with an overly long filename can be exploited to cause a stack-based buffer overflow.
Successful exploitation allows execution of arbitrary code when a malicious UUE file is opened in an application using the vulnerable viewer.
3) Directory traversal errors in kvarcve.dll when generating the preview of a compressed file from ZIP, UUE, and TAR archives can be exploited to delete arbitrary files on an affected system.
Successful exploitation requires that a compressed file with directory traversal sequences in its filename is viewed in an application using the vulnerable viewer.
4) A boundary error in the TAR reader (tarrdr.dll) when extracting files from a TAR archive can be exploited to cause a stack-based buffer overflow via a TAR archive containing a file with a long filename.
Successful exploitation allows execution of arbitrary code, but requires that a compressed file within a malicious TAR archive is extracted with an application using the vulnerable viewer.
5) A boundary error in the HTML speed reader (htmsr.dll) can be exploited to cause a stack-based buffer overflow via a malicious HTML document containing an overly long link beginning with either "http", "ftp", or "//".
Successful exploitation allows execution of arbitrary code, but requires that the link in the HTML document is followed in an application using the vulnerable viewer.
6) A boundary error in the HTML speed reader when checking if a link references a local file can be exploited to cause a stack-based buffer overflow via a malicious HTML document containing a specially crafted, overly long link.
Successful exploitation allows execution of arbitrary code as soon as the the malicious HTML document is viewed in an application using the vulnerable viewer.
The vendor reports that all versions prior to 9.2.0 are affected. Four of the vulnerabilities only affect KeyView Viewer SDK, whereas the remaining two vulnerabilities affect the KeyView Filter, Export, and Viewer SDK.
Solution:
Update to version 9.2.0 or later.
Provided and/or discovered by:
1-2) Tan Chew Keong, Secunia Research.
3) Tan Chew Keong and Carsten Eiram, Secunia Research.
4-6) Carsten Eiram, Secunia Research.
Changelog:
2006-02-10: Updated "Solution" section.
2006-02-13: Updated "Solution" section with new information from vendor. Added affected software. Added link to original advisory.
2006-02-20: Added CVE references.
Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2005-66/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
4 Related Secunia Security Advisories
|
|
|
1. Autonomy Keyview SDK Multiple Buffer Overflows
|
|
2. Autonomy Keyview SDK Lotus 1-2-3 File Viewer Buffer Overflows
|
|
3. Verity Keyview SDK Multiple Vulnerabilities
|
|
4. Various Products ZIP Archive Processing Buffer Overflow
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
