CVE-2007-5399
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename.
Múltiples desbordamientos de búfer basados en montículo en emlsd.dll en el lector EML en Autonomy (anteriormente Verity) KeyView 10.3.0.0, usado en IBM Lotus Notes, permite a atacantes remotos ejecutar código de su elección a través de un campo largo(1) To(para) , (2) Cc, (3) Bcc, (4) From (desde), (5) Date, (6) Subject (Asunto), (7) Priority, (8) Importance, or (9)cabecera X-MSMail-Priority; (10) una cadena larga al comiezo de un palabra en la cabecera codificada RFC2047; (11)un texto largo al comienzo de un palabra en la cabecera codificada RFC2047; o (12) una cabecera de Subject(Asunto) larga, relacionada con la creación de un fichero asociado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-10-12 CVE Reserved
- 2008-04-10 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/490832/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/490833/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/28454 | Vdb Entry | |
| http://www.securitytracker.com/id?1019842 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/1153 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/1156 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41723 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/28209 | 2018-10-15 | |
| http://secunia.com/advisories/28210 | 2018-10-15 | |
| http://secunia.com/secunia_research/2007-91/advisory | 2018-10-15 | |
| http://secunia.com/secunia_research/2007-92/advisory | 2018-10-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Autonomy Search vendor "Autonomy" | Keyview Search vendor "Autonomy" for product "Keyview" | 10.3.0.0 Search vendor "Autonomy" for product "Keyview" and version "10.3.0.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 6.0 Search vendor "Ibm" for product "Lotus Notes" and version "6.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 6.5 Search vendor "Ibm" for product "Lotus Notes" and version "6.5" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 7.0 Search vendor "Ibm" for product "Lotus Notes" and version "7.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 7.0.2 Search vendor "Ibm" for product "Lotus Notes" and version "7.0.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | 7.0.3 Search vendor "Ibm" for product "Lotus Notes" and version "7.0.3" | - |
Affected
| ||||||