CVE-2007-5910 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Keyview Export SDK

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

31.0%

top 3.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autonomy Keyview Export SDK Autonomy Keyview Filter SDK Autonomy Keyview Viewer SDK +3 more

Timeline

PublishedNov 10

Latest updateMay 1

Description

Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a crafted WordPerfect (WPD) file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages6 packages

▶NVDautonomy/keyview_export_sdk9.2.0

▶NVDautonomy/keyview_filter_sdk9.2.0

▶NVDautonomy/keyview_viewer_sdk9.2.0

▶NVDsymantec/mail_security5 versions+4

▶NVDibm/lotus_notes7.0.2

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-p542-8xvj-878h: Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9↗2022-05-01

▶

CVEList

CVE-2007-5910: Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9↗2007-11-10

▶