CVE-2007-5909

2007-11-1002:46:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.883

Percentile

98.7%

JSON

Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.

Affected configurations

Nvd

Node

activepdfdocconverterMatch3.8.2_.5

autonomykeyview_export_sdkRange≤9.2.0

autonomykeyview_filter_sdkRange≤9.2.0

autonomykeyview_viewer_sdkRange≤9.2.0

ibmlotus_notesRange≤7.0.2

symantecmail_securityMatch5.0appliance

symantecmail_securityMatch5.0microsoft_exchange

symantecmail_securityMatch5.0.0smtp

symantecmail_securityMatch5.0.0.24appliance

symantecmail_securityMatch5.0.1smtp

symantecmail_securityMatch7.5domino

VendorProductVersionCPE
activepdfdocconverter3.8.2_.5cpe:2.3:a:activepdf:docconverter:3.8.2_.5:*:*:*:*:*:*:*
autonomykeyview_export_sdk*cpe:2.3:a:autonomy:keyview_export_sdk:*:*:*:*:*:*:*:*
autonomykeyview_filter_sdk*cpe:2.3:a:autonomy:keyview_filter_sdk:*:*:*:*:*:*:*:*
autonomykeyview_viewer_sdk*cpe:2.3:a:autonomy:keyview_viewer_sdk:*:*:*:*:*:*:*:*
ibmlotus_notes*cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*
symantecmail_security5.0cpe:2.3:a:symantec:mail_security:5.0:*:appliance:*:*:*:*:*
symantecmail_security5.0cpe:2.3:a:symantec:mail_security:5.0:*:microsoft_exchange:*:*:*:*:*
symantecmail_security5.0.0cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*
symantecmail_security5.0.0.24cpe:2.3:a:symantec:mail_security:5.0.0.24:*:appliance:*:*:*:*:*
symantecmail_security5.0.1cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*

Vendor	Product	Version	CPE
activepdf	docconverter	3.8.2_.5	cpe:2.3:a:activepdf:docconverter:3.8.2_.5:::::::*
autonomy	keyview_export_sdk	*	cpe:2.3:a:autonomy:keyview_export_sdk::::::::
autonomy	keyview_filter_sdk	*	cpe:2.3:a:autonomy:keyview_filter_sdk::::::::
autonomy	keyview_viewer_sdk	*	cpe:2.3:a:autonomy:keyview_viewer_sdk::::::::
ibm	lotus_notes	*	cpe:2.3:a:ibm:lotus_notes::::::::
symantec	mail_security	5.0	cpe:2.3:a:symantec:mail_security:5.0::appliance:::::
symantec	mail_security	5.0	cpe:2.3:a:symantec:mail_security:5.0::microsoft_exchange:::::
symantec	mail_security	5.0.0	cpe:2.3:a:symantec:mail_security:5.0.0::smtp:::::
symantec	mail_security	5.0.0.24	cpe:2.3:a:symantec:mail_security:5.0.0.24::appliance:::::
symantec	mail_security	5.0.1	cpe:2.3:a:symantec:mail_security:5.0.1::smtp:::::