CVE-2008-0066 Information
Description
Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView as used by IBM Lotus Notes 7.0.2 and 7.0.3 allow remote attackers to execute arbitrary code via an HTML document with (1) \large chunks of data\ or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.
Reference
http://secunia.com/advisories/28140 http://secunia.com/advisories/28209 http://secunia.com/advisories/28210 http://secunia.com/secunia_research/2008-3/advisory/ http://www.securityfocus.com/archive/1/490828/100/0/threaded http://www.securityfocus.com/bid/28454 http://www.securitytracker.com/id?1019843 http://www.vupen.com/english/advisories/2008/1153 http://www.vupen.com/english/advisories/2008/1156 http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453 https://exchange.xforce.ibmcloud.com/vulnerabilities/41724
Share on: