|
 |
|
Autonomy Keyview SDK Multiple Buffer Overflows
|
|
|
|
|
Secunia Advisory:
|
SA28209
|
|
|
Release Date:
|
2008-04-08
|
|
|
Critical:
|

Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Autonomy KeyView Export SDK 10.x Autonomy KeyView Filter SDK 10.x Autonomy KeyView Viewing SDK 10.x Verity KeyView Export SDK 7.x Verity KeyView Export SDK 8.x Verity KeyView Export SDK 9.x Verity KeyView Filter SDK 7.x Verity KeyView Filter SDK 8.x Verity KeyView Filter SDK 9.x Verity KeyView Viewer SDK 7.x Verity KeyView Viewer SDK 8.x Verity KeyView Viewer SDK 9.x
|
| | CVE reference: | CVE-2007-5399 (Secunia mirror) CVE-2007-5405 (Secunia mirror) CVE-2007-5406 (Secunia mirror) CVE-2007-6020 (Secunia mirror) CVE-2008-0066 (Secunia mirror) CVE-2008-1101 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS! |
|
|
Description: Secunia Research has discovered multiple vulnerabilities in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system.
1) A boundary error within the HTML speed reader (htmsr.dll) when handling links in e.g. the "background" attribute of <BODY> tags can be exploited to cause a stack-based buffer overflow.
2) A boundary error within the HTML speed reader (htmsr.dll) when handling e.g. the "src" attribute of <IMG> tags can be exploited to cause a stack-based buffer overflow.
3) A boundary error within the HTML speed reader (htmsr.dll) when handling large chunks of data inside an HTML document can be exploited to cause a heap-based buffer overflow.
4) A boundary error within kvdocve.dll when processing overly long paths can be exploited to cause a buffer overflow via e.g. an overly long link inside the "src" attribute of an <IMG> tag within an HTML document.
5) 21 boundary errors within the "Folio Flat File" speed reader (foliosr.dll) when handling attribute values of a number of tags (eg. DI, FD, FT, JD, JL, LE, OB, OD, OL, PN, PS, PW, RD, QL, or TS) can be exploited to cause stack-based buffer overflows.
6) An unsafe call to "sscanf()" in the Applix Graphics reader (kpagrdr.dll) when parsing the "ENCODING" attribute of the "*BEGIN" tag can be exploited to cause a stack-based buffer overflow.
7) A boundary error in the Applix Graphics reader (kpagrdr.dll) when parsing overly long tokens from the input file can be exploited to cause a heap-based buffer overflow.
8) A boundary error in the Applix Graphics reader (kpagrdr.dll) when parsing the initial "*BEGIN" tag can be exploited to cause stack-based buffer overflow.
9) A logic error in the Applix Graphics reader (kpagrdr.dll) when parsing long tokens can result in an infinite loop. Exploitation will result in maximum CPU usage until an application-configured timeout expires. In some cases memory usage will increase until the OS terminates the process.
10) A boundary error in the EML reader (emlsr.dll) when parsing certain headers ("To:", "Cc:", "Bcc:", "From:", "Date:", "Subject:", "Priority:", "Importance:", and "X-MSMail-Priority:") in EML files can be exploited to cause a heap-based buffer overflow via an overly long string.
11) A boundary error in the EML reader (emlsr.dll) when encountering the beginning of RFC2047 encoded-words in headers can be exploited to cause a heap-based buffer overflow via an overly long string.
12) A boundary error in the EML reader (emlsr.dll) when parsing the text string in RFC2047 encoded-words in headers can be exploited to cause a heap-based buffer overflow via an overly long string.
13) A boundary error in the EML reader (emlsr.dll) when creating a filename based on the subject in an EML file can be exploited to cause a heap-based buffer overflow via an overly long string.
Solution: Update to version 10.4.0.0 or later.
Provided and/or discovered by: 1-4) Secunia Research
5-9) Dyon Balding, Secunia Research.
10-13) Carsten Eiram, Secunia Research.
Original Advisory: Secunia Research:
http://secunia.com/secunia_research/2007-91/
http://secunia.com/secunia_research/2007-95/
http://secunia.com/secunia_research/2007-104/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
4 Related Secunia Security Advisories
|
|
|
1. Autonomy Keyview SDK Lotus 1-2-3 File Viewer Buffer Overflows
|
|
2. Verity Keyview SDK Multiple Vulnerabilities
|
|
3. Verity KeyView SDK Multiple Vulnerabilities
|
|
4. Various Products ZIP Archive Processing Buffer Overflow
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|

|
 |
Secunia PSI Scan | Patch | Track Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|