Vulnerability Description
Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| activePDF | DocConverter | 3.8.2_.5 |
| Autonomy | KeyView | 2.0.0.2 |
| IBM | Lotus Notes | 6.0 |
| Symantec | Mail Security | 5.0 |
| Symantec | Mail Security Appliance | 5.0 |
References
- http://secunia.com/advisories/27763 (Vendor Advisory)
- http://secunia.com/advisories/28140 (Vendor Advisory)
- http://secunia.com/advisories/28209 (Vendor Advisory)
- http://secunia.com/advisories/28210 (Vendor Advisory)
- http://secunia.com/advisories/29342 (Vendor Advisory)
- http://secunia.com/secunia_research/2007-95/advisory/ (Vendor Advisory)
- http://secunia.com/secunia_research/2007-96/advisory/ (Vendor Advisory)
- http://secunia.com/secunia_research/2007-97/advisory/ (Vendor Advisory)
- http://secunia.com/secunia_research/2007-98/advisory/ (Vendor Advisory)
- http://securitytracker.com/id?1019805
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
- http://www.securityfocus.com/archive/1/490825/100/0/threaded
- http://www.securityfocus.com/archive/1/490837/100/0/threaded
- http://www.securityfocus.com/archive/1/490838/100/0/threaded
- http://www.securityfocus.com/archive/1/490839/100/0/threaded
FAQ
What is CVE-2007-5405?
CVE-2007-5405 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF Doc...
How severe is CVE-2007-5405?
CVE-2007-5405 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5405?
Check the references section above for vendor advisories and patch information. Affected products include: activePDF DocConverter, Autonomy KeyView, IBM Lotus Notes, Symantec Mail Security, Symantec Mail Security Appliance.