CVE-2007-5406 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2007-5406?

CVE-2007-5406 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-5406?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Lotus Notes, Symantec Mail Security, Autonomy Keyview.

Vulnerability Description

kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Ibm	Lotus Notes	6.0
Symantec	Mail Security	<= 7.5
Autonomy	Keyview	All versions

References

http://secunia.com/advisories/27763Vendor Advisory
http://secunia.com/advisories/28140Vendor Advisory
http://secunia.com/advisories/28209Vendor Advisory
http://secunia.com/advisories/28210Vendor Advisory
http://secunia.com/advisories/29342Vendor Advisory
http://secunia.com/secunia_research/2007-95/advisory/Vendor Advisory
http://secunia.com/secunia_research/2007-96/advisory/Vendor Advisory
http://secunia.com/secunia_research/2007-97/advisory/Vendor Advisory
http://secunia.com/secunia_research/2007-98/advisory/Vendor Advisory
http://securitytracker.com/id?1019805
http://www.securityfocus.com/archive/1/490825/100/0/threaded
http://www.securityfocus.com/archive/1/490837/100/0/threaded
http://www.securityfocus.com/archive/1/490838/100/0/threaded
http://www.securityfocus.com/archive/1/490839/100/0/threaded
http://www.securityfocus.com/bid/28454

FAQ

What is CVE-2007-5406?

CVE-2007-5406 is a vulnerability with a CVSS score of 9.3 (HIGH). kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly ...

How severe is CVE-2007-5406?

CVE-2007-5406 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-5406?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Lotus Notes, Symantec Mail Security, Autonomy Keyview.