Vulnerability Description
Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Autonomy | Keyview | All versions |
| Ibm | Lotus Notes | 7.0.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28140Vendor Advisory
- http://secunia.com/advisories/28209Vendor Advisory
- http://secunia.com/advisories/28210Vendor Advisory
- http://secunia.com/secunia_research/2008-3/advisory/Vendor Advisory
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
- http://www.securityfocus.com/archive/1/490828/100/0/threaded
- http://www.securityfocus.com/bid/28454
- http://www.securitytracker.com/id?1019843
- http://www.vupen.com/english/advisories/2008/1153
- http://www.vupen.com/english/advisories/2008/1156
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41724
- http://secunia.com/advisories/28140Vendor Advisory
- http://secunia.com/advisories/28209Vendor Advisory
- http://secunia.com/advisories/28210Vendor Advisory
- http://secunia.com/secunia_research/2008-3/advisory/Vendor Advisory
FAQ
What is CVE-2008-0066?
CVE-2008-0066 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via ...
How severe is CVE-2008-0066?
CVE-2008-0066 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0066?
Check the references section above for vendor advisories and patch information. Affected products include: Autonomy Keyview, Ibm Lotus Notes.