Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6593

CWE-119Buffer Overflow4 documents4 sources
Severity
8.8HIGH
EPSS
17.2%
top 4.99%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Lotus Notes
Timeline
PublishedDec 28
Latest updateMay 1

Description

Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909.

CVSS vector

AV:N/AC:M/C:C/I:C/A:NExploitability: 8.6 | Impact: 9.2

Affected Packages1 packages

NVDibm/lotus_notes5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-h6f4-f2q5-cx7v: Multiple stack-based buffer overflows in l123sr2022-05-01
CVEList
CVE-2007-6593: Multiple stack-based buffer overflows in l123sr2007-12-28

💥Exploits & PoCs

1
Exploit-DB
Autonomy KeyView Lotus 1-2-3 - File Multiple Buffer Overflow Vulnerabilities2007-11-26
CVE-2007-6593 (HIGH CVSS 8.8) | Multiple stack-based buffer overflo | cvebase.io