CVE-2007-5909 Information

Description

Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer Filter and Export SDK before 9.2.0.12 as used by ActivePDF DocConverter IBM Lotus Notes before 7.0.3 Symantec Mail Security and other products allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll (2) AW file to awsr.dll (3) DLL or (4) EXE file to exesr.dll (5) DOC file to mwsr.dll (6) MIF file to mifsr.dll (7) SAM file to lasr.dll or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.

Reference

http://secunia.com/advisories/27304 http://securityreason.com/securityalert/3357 http://securityresponse.symantec.com/avcenter/security/Content/2007.11.01c.html http://securitytracker.com/id?1018853 http://securitytracker.com/id?1018886 http://vuln.sg/lotusnotes702doc-en.html http://vuln.sg/lotusnotes702-en.html http://vuln.sg/lotusnotes702mif-en.html http://vuln.sg/lotusnotes702sam-en.html http://www.securityfocus.com/archive/1/482664 http://www.securityfocus.com/archive/1/483102/100/0/threaded http://www.securityfocus.com/bid/26175 http://www.vupen.com/english/advisories/2007/3596 http://www.vupen.com/english/advisories/2007/3697 http://www.zerodayinitiative.com/advisories/ZDI-07-059.html http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111 http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21272836