CVE-2007-6020

CWE-119Buffer Overflow3 documents3 sources
Severity
9.3CRITICAL
EPSS
34.7%
top 2.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Activepdf DocconverterAutonomy KeyviewIBM Lotus Notes+2 more
Timeline
PublishedApr 10
Latest updateMay 1

Description

Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

NVDsymantec/mail_security4 versions+3
NVDibm/lotus_notes5 versions+4
NVDautonomy/keyview10.3.0.0, 2.0.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-88rv-7jw7-2cm8: Multiple stack-based buffer overflows in foliosr2022-05-01
CVEList
CVE-2007-6020: Multiple stack-based buffer overflows in foliosr2008-04-10
CVE-2007-6020 (CRITICAL CVSS 9.3) | Multiple stack-based buffer overflo | cvebase.io