Page 5 of 24 results (0.002 seconds)

CVSS: 9.3EPSS: 4%CPEs: 11EXPL: 0

Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a crafted WordPerfect (WPD) file. Desbordamiento de búfer basado en pila en el Autonomy (antiguamente Verity) KeyView Viewer, en el Filter y en el Export SDK anterior al 9.2.0.12, como el utilizado en el ActivePDF DocConverter, en el wp6sr.dll del IBM Lotus Notes 8.0 y anteriores al 7.0.3, en el Symantec Mail Security y en otros productos, permite a atacantes remotos ejecutar código de su elección a través de un fichero modificado de WordPerfect (WPD). • http://secunia.com/advisories/27304 http://securityreason.com/securityalert/3357 http://securityresponse.symantec.com/avcenter/security/Content/2007.11.01c.html http://securitytracker.com/id?1018853 http://securitytracker.com/id?1018886 http://vuln.sg/lotusnotes702-en.html http://vuln.sg/lotusnotes702wpd-en.html http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111 http://www.securityfocus.com/archive/1/482664 http://www.securityfocus.com/bid/26175 http://www.vupen.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 88%CPEs: 11EXPL: 0

Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910. Múltiples desbordamientos de búfer basados en pila en el Autonomy (antiguamente Verity) KeyView Viewer, en el Filter y en el Export SDK anterior al 9.2.0.12, como el utilizado en el ActivePDF DocConverter, en el IBM Lotus Notes anterior al 7.0.3, en el Symantec Mail Security y en otros productos, permiten a atacantes remotos ejecutar código de su elección a través de modificaciones en (1) el fichero AG del kpagrdr.dll, (2) en el fichero AW del awsr.dll, (3) en el fichero DLL o el (4) EXE del exesr.dll, (5) en el fichero DOC del mwsr.dll, (6) en el fichero MIF del mifsr.dll, (7) en el fichero SAM del lasr.dll o (8) en el fichero RTF del rtfsr.dll. NOTA: el vector WPD (wp6sr.dll) se trata en la vulnerabilidad CVE-2007-5910. Several vulnerabilities exist in the popular Verity KeyView SDK used in many enterprise applications like IBM Lotus Notes. • http://secunia.com/advisories/27304 http://securityreason.com/securityalert/3357 http://securityresponse.symantec.com/avcenter/security/Content/2007.11.01c.html http://securitytracker.com/id?1018853 http://securitytracker.com/id?1018886 http://vuln.sg/lotusnotes702-en.html http://vuln.sg/lotusnotes702doc-en.html http://vuln.sg/lotusnotes702mif-en.html http://vuln.sg/lotusnotes702sam-en.html http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111 http://www-1.ibm.com/suppor • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 95%CPEs: 14EXPL: 0

Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a compressed ZIP file with a long filename handled by kvarcve.dll, (3) a TAR archive with a long filename that is extracted to a directory with a long path handled by the TAR reader (tarrdr.dll), (4) an email that contains a long HTTP, FTP, or // link handled by the HTML speed reader (htmsr.dll) or (5) an email containing a crafted long link handled by the HTML speed reader (htmsr.dll). • http://secunia.com/advisories/16100 http://secunia.com/advisories/16280 http://secunia.com/secunia_research/2005-32/advisory http://secunia.com/secunia_research/2005-34/advisory http://secunia.com/secunia_research/2005-36/advisory http://secunia.com/secunia_research/2005-37/advisory http://secunia.com/secunia_research/2005-66/advisory http://securitytracker.com/id?1015657 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918 http://www.kb.cert.org/vuls/id/884076 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 2%CPEs: 14EXPL: 0

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview. • http://secunia.com/advisories/16100 http://secunia.com/advisories/16280 http://secunia.com/secunia_research/2005-30/advisory http://secunia.com/secunia_research/2005-66/advisory http://securitytracker.com/id?1015657 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918 http://www.osvdb.org/23066 http://www.securityfocus.com/archive/1/424717/100/0/threaded http://www.securityfocus.com/bid/16576 http://www.vupen.com/english/advisories/2006/0500 https://exchang • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •