Lucene search

[email protected]CVE-2007-5406

HistoryApr 10, 2008 - 6:05 p.m.

CVE-2007-5406

2008-04-1018:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-5406

kpagrdr.dll

autonomy

verity

keyview

ibm lotus notes

symantec mail security

activepdf docconverter

denial of service

cpu

memory consumption

crafted file

vulnerability

6.5 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.344 Low

EPSS

Percentile

97.1%

JSON

kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted .ag file.

CPENameOperatorVersion
ibm:lotus_notesibm lotus noteseq6.0
ibm:lotus_notesibm lotus noteseq6.5
ibm:lotus_notesibm lotus noteseq7.0
ibm:lotus_notesibm lotus noteseq8.0
ibm:lotus_notesibm lotus noteseq8.0.1
symantec:mail_securitysymantec mail securityle7.5
symantec:mail_securitysymantec mail securityeq5.0
symantec:mail_securitysymantec mail securityeq5.0.0
symantec:mail_securitysymantec mail securityeq5.0.1
autonomy:keyviewautonomy keyvieweq*

CPE	Name	Operator	Version
ibm:lotus_notes	ibm lotus notes	eq	6.0
ibm:lotus_notes	ibm lotus notes	eq	6.5
ibm:lotus_notes	ibm lotus notes	eq	7.0
ibm:lotus_notes	ibm lotus notes	eq	8.0
ibm:lotus_notes	ibm lotus notes	eq	8.0.1
symantec:mail_security	symantec mail security	le	7.5
symantec:mail_security	symantec mail security	eq	5.0
symantec:mail_security	symantec mail security	eq	5.0.0
symantec:mail_security	symantec mail security	eq	5.0.1
autonomy:keyview	autonomy keyview	eq	*

References

secunia.com/advisories/27763

secunia.com/advisories/28140

secunia.com/advisories/28209

secunia.com/advisories/28210

secunia.com/advisories/29342

secunia.com/secunia_research/2007-95/advisory/

secunia.com/secunia_research/2007-96/advisory/

secunia.com/secunia_research/2007-97/advisory/

secunia.com/secunia_research/2007-98/advisory/

securitytracker.com/id?1019805

www.securityfocus.com/archive/1/490825/100/0/threaded

www.securityfocus.com/archive/1/490837/100/0/threaded

www.securityfocus.com/archive/1/490838/100/0/threaded

www.securityfocus.com/archive/1/490839/100/0/threaded

www.securityfocus.com/bid/28454

www.securitytracker.com/id?1019844

www.vupen.com/english/advisories/2008/1153

www.vupen.com/english/advisories/2008/1154

www.vupen.com/english/advisories/2008/1156

exchange.xforce.ibmcloud.com/vulnerabilities/41722

6.5 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.344 Low

EPSS

Percentile

97.1%

JSON

Related for CVE-2007-5406

prion1 securityvulns4 nessus2