Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
SMTP:MAL:IBM-LOTUS-MIF-OF |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
SMTP |
Keywords |
IBM Lotus Notes MIF Viewer Statement Data Overflow |
Release Date |
2016/10/04 |
Update Number |
2783 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
SMTP: IBM Lotus Notes MIF Viewer Statement Data Overflow
This signature detects attempts to exploit a known vulnerability in the IBM Lotus Notes. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the currently logged on user.
Extended Description
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.
Affected Products
- Activepdf docconverter 3.8.2_.5
- Autonomy keyview_export_sdk 9.2.0
- Autonomy keyview_filter_sdk 9.2.0
- Autonomy keyview_viewer_sdk 9.2.0
- Ibm lotus_notes 7.0.2
- Symantec mail_security 5.0
- Symantec mail_security 5.0.0
- Symantec mail_security 5.0.0.24
- Symantec mail_security 5.0.1
- Symantec mail_security 7.5
References
- BugTraq: 26175
- CVE: CVE-2007-5909
- CVE: CVE-2007-5910