Multiple vulnerabilities have been reported in Verity Keyview SDK, which potentially can be exploited by malicious people to compromise a user's system.
1) The vulnerabilities are caused due to various errors within the file viewers and can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted file.
The following file viewers are affected:
2) A boundary error in the EML file viewer (emlsr.dll) when parsing "Content-Type" tags can be exploited to cause a heap-based buffer overflow via a specially crafted EML file containing an overly long "Content-Type" string.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Solution: Update to version 188.8.131.52 available via the vendor's customer support site.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org