IBM Lotus Notes Lotus 1-2-3 Work Sheet File Viewer Buffer Overflows
Publish Date: 15 Februar 2011
Schweregrad:: Kritisch
CVE Kennungen:: CVE-2007-5909
Hinweisdatum: 15 Februar 2011
Beschreibung
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.
Trend Micro Lösungen
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1001206
Trend Micro Deep Security DPI Rule Name: 1001206 - IBM Lotus Notes Lotus 1-2-3 Work Sheet File Viewer Buffer Overflows
Betroffene Software und Version:
- Autonomy KeyView Export SDK 9.2.0
- Autonomy KeyView Filter SDK 9.2.0
- Autonomy KeyView Viewer SDK 9.2.0
- IBM Lotus Notes 7.0.2
- Symantec Mail Security 5.0
- Symantec Mail Security 5.0.0
- Symantec Mail Security 5.0.0.24
- Symantec Mail Security 5.0.1
- Symantec Mail Security 7.5
- activepdf docconverter 3.8.2 .5