|
Autonomy Keyview SDK Multiple Buffer Overflows
|
|
Secunia Advisory:
|
SA28209
|
|
|
Release Date:
|
2008-04-08
|
|
Popularity:
|
5,034 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Autonomy KeyView Export SDK 10.x
Autonomy KeyView Filter SDK 10.x
Autonomy KeyView Viewing SDK 10.x
Verity KeyView Export SDK 7.x
Verity KeyView Export SDK 8.x
Verity KeyView Export SDK 9.x
Verity KeyView Filter SDK 7.x
Verity KeyView Filter SDK 8.x
Verity KeyView Filter SDK 9.x
Verity KeyView Viewer SDK 7.x
Verity KeyView Viewer SDK 8.x
Verity KeyView Viewer SDK 9.x
|
|
|
Binary Analysis:
|
BA290 :: Available for 1 Credit 
BA291 :: Available for 1 Credit
BA306 :: Available for 1 Credit
BA339 :: Available for 1 Credit
BA207 :: Available for 1 Credit
BA337 :: Available for 1 Credit
BA338 :: Available for 1 Credit
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Secunia Research has discovered multiple vulnerabilities in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system.
1) A boundary error within the HTML speed reader (htmsr.dll) when handling links in e.g. the "background" attribute of <BODY> tags can be exploited to cause a stack-based buffer overflow.
2) A boundary error within the HTML speed reader (htmsr.dll) when handling e.g. the "src" attribute of <IMG> tags can be exploited to cause a stack-based buffer overflow.
3) A boundary error within the HTML speed reader (htmsr.dll) when handling large chunks of data inside an HTML document can be exploited to cause a heap-based buffer overflow.
4) A boundary error within kvdocve.dll when processing overly long paths can be exploited to cause a buffer overflow via e.g. an overly long link inside the "src" attribute of an <IMG> tag within an HTML document.
5) 21 boundary errors within the "Folio Flat File" speed reader (foliosr.dll) when handling attribute values of a number of tags (eg. DI, FD, FT, JD, JL, LE, OB, OD, OL, PN, PS, PW, RD, QL, or TS) can be exploited to cause stack-based buffer overflows.
6) An unsafe call to "sscanf()" in the Applix Graphics reader (kpagrdr.dll) when parsing the "ENCODING" attribute of the "*BEGIN" tag can be exploited to cause a stack-based buffer overflow.
7) A boundary error in the Applix Graphics reader (kpagrdr.dll) when parsing overly long tokens from the input file can be exploited to cause a heap-based buffer overflow.
8) A boundary error in the Applix Graphics reader (kpagrdr.dll) when parsing the initial "*BEGIN" tag can be exploited to cause stack-based buffer overflow.
9) A logic error in the Applix Graphics reader (kpagrdr.dll) when parsing long tokens can result in an infinite loop. Exploitation will result in maximum CPU usage until an application-configured timeout expires. In some cases memory usage will increase until the OS terminates the process.
10) A boundary error in the EML reader (emlsr.dll) when parsing certain headers ("To:", "Cc:", "Bcc:", "From:", "Date:", "Subject:", "Priority:", "Importance:", and "X-MSMail-Priority:") in EML files can be exploited to cause a heap-based buffer overflow via an overly long string.
11) A boundary error in the EML reader (emlsr.dll) when encountering the beginning of RFC2047 encoded-words in headers can be exploited to cause a heap-based buffer overflow via an overly long string.
12) A boundary error in the EML reader (emlsr.dll) when parsing the text string in RFC2047 encoded-words in headers can be exploited to cause a heap-based buffer overflow via an overly long string.
13) A boundary error in the EML reader (emlsr.dll) when creating a filename based on the subject in an EML file can be exploited to cause a heap-based buffer overflow via an overly long string.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
Today
|
New advisories:
|
20 |
|
New vulnerabilities:
|
79 |
|
Updated advisories:
|
40 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
