Vulnerability Description
Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Activepdf | Docconverter | 3.8.4.0 |
| Autonomy | Keyview | 2.0.0.2 |
| Ibm | Lotus Notes | 6.0 |
| Symantec | Mail Security | 5.0 |
| Symantec | Mail Security Appliance | 5.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/27763Vendor Advisory
- http://secunia.com/advisories/28140Vendor Advisory
- http://secunia.com/advisories/28209Vendor Advisory
- http://secunia.com/advisories/28210Vendor Advisory
- http://secunia.com/advisories/29342Vendor Advisory
- http://secunia.com/secunia_research/2007-104/advisory/Vendor Advisory
- http://secunia.com/secunia_research/2007-105/advisory/Vendor Advisory
- http://secunia.com/secunia_research/2007-106/advisory/Vendor Advisory
- http://secunia.com/secunia_research/2007-107/advisory/Vendor Advisory
- http://securitytracker.com/id?1019805
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453Vendor Advisory
- http://www.securityfocus.com/archive/1/490827/100/0/threaded
- http://www.securityfocus.com/archive/1/490829/100/0/threaded
- http://www.securityfocus.com/archive/1/490830/100/0/threaded
- http://www.securityfocus.com/archive/1/490831/100/0/threaded
FAQ
What is CVE-2007-6020?
CVE-2007-6020 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activeP...
How severe is CVE-2007-6020?
CVE-2007-6020 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6020?
Check the references section above for vendor advisories and patch information. Affected products include: Activepdf Docconverter, Autonomy Keyview, Ibm Lotus Notes, Symantec Mail Security, Symantec Mail Security Appliance.