CVE-2008-0066

Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/28140	Vendor Advisory
http://secunia.com/advisories/28209	Vendor Advisory
http://secunia.com/advisories/28210	Vendor Advisory
http://secunia.com/secunia_research/2008-3/advisory/	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
http://www.securityfocus.com/archive/1/490828/100/0/threaded
http://www.securityfocus.com/bid/28454
http://www.securitytracker.com/id?1019843
http://www.vupen.com/english/advisories/2008/1153
http://www.vupen.com/english/advisories/2008/1156
https://exchange.xforce.ibmcloud.com/vulnerabilities/41724
http://secunia.com/advisories/28140	Vendor Advisory
http://secunia.com/advisories/28209	Vendor Advisory
http://secunia.com/advisories/28210	Vendor Advisory
http://secunia.com/secunia_research/2008-3/advisory/	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
http://www.securityfocus.com/archive/1/490828/100/0/threaded
http://www.securityfocus.com/bid/28454
http://www.securitytracker.com/id?1019843
http://www.vupen.com/english/advisories/2008/1153
http://www.vupen.com/english/advisories/2008/1156
https://exchange.xforce.ibmcloud.com/vulnerabilities/41724

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:autonomy:keyview::::::::
	cpe:2.3:a:ibm:lotus_notes:7.0.2:::::::*
	cpe:2.3:a:ibm:lotus_notes:7.0.3:::::::*

History

21 Nov 2024, 00:41

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/28140 - Vendor Advisory~~	() http://secunia.com/advisories/28140 - Vendor Advisory
References	~~() http://secunia.com/advisories/28209 - Vendor Advisory~~	() http://secunia.com/advisories/28209 - Vendor Advisory
References	~~() http://secunia.com/advisories/28210 - Vendor Advisory~~	() http://secunia.com/advisories/28210 - Vendor Advisory
References	~~() http://secunia.com/secunia_research/2008-3/advisory/ - Vendor Advisory~~	() http://secunia.com/secunia_research/2008-3/advisory/ - Vendor Advisory
References	~~() http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453 -~~	() http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453 -
References	~~() http://www.securityfocus.com/archive/1/490828/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/490828/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/28454 -~~	() http://www.securityfocus.com/bid/28454 -
References	~~() http://www.securitytracker.com/id?1019843 -~~	() http://www.securitytracker.com/id?1019843 -
References	~~() http://www.vupen.com/english/advisories/2008/1153 -~~	() http://www.vupen.com/english/advisories/2008/1153 -
References	~~() http://www.vupen.com/english/advisories/2008/1156 -~~	() http://www.vupen.com/english/advisories/2008/1156 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/41724 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/41724 -

Information

Published : 2008-04-10 18:05

Updated : 2024-11-21 00:41

NVD link : CVE-2008-0066

Mitre link : CVE-2008-0066

CVE.ORG link : CVE-2008-0066

JSON object : View

Products Affected

ibm

lotus_notes

autonomy

keyview

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

9.3 /10