CVE-2007-5406

kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/27763	Vendor Advisory
http://secunia.com/advisories/28140	Vendor Advisory
http://secunia.com/advisories/28209	Vendor Advisory
http://secunia.com/advisories/28210	Vendor Advisory
http://secunia.com/advisories/29342	Vendor Advisory
http://secunia.com/secunia_research/2007-95/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-96/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-97/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-98/advisory/	Vendor Advisory
http://securitytracker.com/id?1019805
http://www.securityfocus.com/archive/1/490825/100/0/threaded
http://www.securityfocus.com/archive/1/490837/100/0/threaded
http://www.securityfocus.com/archive/1/490838/100/0/threaded
http://www.securityfocus.com/archive/1/490839/100/0/threaded
http://www.securityfocus.com/bid/28454
http://www.securitytracker.com/id?1019844
http://www.vupen.com/english/advisories/2008/1153
http://www.vupen.com/english/advisories/2008/1154
http://www.vupen.com/english/advisories/2008/1156
https://exchange.xforce.ibmcloud.com/vulnerabilities/41722
http://secunia.com/advisories/27763	Vendor Advisory
http://secunia.com/advisories/28140	Vendor Advisory
http://secunia.com/advisories/28209	Vendor Advisory
http://secunia.com/advisories/28210	Vendor Advisory
http://secunia.com/advisories/29342	Vendor Advisory
http://secunia.com/secunia_research/2007-95/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-96/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-97/advisory/	Vendor Advisory
http://secunia.com/secunia_research/2007-98/advisory/	Vendor Advisory
http://securitytracker.com/id?1019805
http://www.securityfocus.com/archive/1/490825/100/0/threaded
http://www.securityfocus.com/archive/1/490837/100/0/threaded
http://www.securityfocus.com/archive/1/490838/100/0/threaded
http://www.securityfocus.com/archive/1/490839/100/0/threaded
http://www.securityfocus.com/bid/28454
http://www.securitytracker.com/id?1019844
http://www.vupen.com/english/advisories/2008/1153
http://www.vupen.com/english/advisories/2008/1154
http://www.vupen.com/english/advisories/2008/1156
https://exchange.xforce.ibmcloud.com/vulnerabilities/41722

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:lotus_notes:6.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5:::::::*
	cpe:2.3:a:ibm:lotus_notes:7.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:8.0.1:::::::*
	cpe:2.3:a:symantec:mail_security:::domino:::::*
	cpe:2.3:a:symantec:mail_security:5.0:::::::*
	cpe:2.3:a:symantec:mail_security:5.0::microsoft_exchange:::::
	cpe:2.3:a:symantec:mail_security:5.0.0::smtp:::::
	cpe:2.3:a:symantec:mail_security:5.0.1::smtp:::::

cpe:2.3:a:autonomy:keyview:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:37

Information

Published : 2008-04-10 18:05

Updated : 2024-11-21 00:37

NVD link : CVE-2007-5406

Mitre link : CVE-2007-5406

CVE.ORG link : CVE-2007-5406

JSON object : View

Products Affected

autonomy

keyview

ibm

lotus_notes

symantec

mail_security

CWE

NVD-CWE-Other

9.3 /10