Verity KeyView SDK Multiple File Format Parsing Vulnerabilities

Several vulnerabilities exist in the popular Verity KeyView SDK used in many enterprise applications like IBM Lotus Notes. When parsing several different file formats a standard stack overflow occurs allowing a malicious user to gain complete control of the affected machine under the rights of the currently logged in user. The problem lies when copying user supplied data to a stack based buffer without any boundary conditions. The following file formats have been identified as vulnerable: Adobe Acrobat FrameMaker - .mifApplix Words - .awMicrosoft Rich Text Format - .rtfPortable Executable - .exeDynamic Link Library - .dllApplix Presents - .agMicrosoft Word - .doc