Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.NOTES_KEYVIEW_FILTER_OVERFLOWS.NASL
HistoryJul 29, 2010 - 12:00 a.m.

Autonomy KeyView Filter Module Multiple Memory Corruption Vulnerabilities (Lotus Notes)

2010-07-2900:00:00
This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
www.tenable.com
8
JSON

The version of Lotus Notes installed on the remote Windows host ships with several DLL designed to perform file conversions (‘Autonomy KeyView Filter’).

Specifically, these DLLs are affected by several overflow vulnerabilities that may allow an attacker to execute arbitrary code on the remote host.

To exploit these vulnerabilities, an attacker would need to send a specially malformed document to a user on the remote host and wait for him to open it via Notes.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(47899);
  script_version("1.14");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id("CVE-2010-0126", "CVE-2010-0133", "CVE-2010-0134", "CVE-2010-0135", "CVE-2010-0131", "CVE-2010-1524", "CVE-2010-1525");
  script_bugtraq_id(41928);

  script_name(english:"Autonomy KeyView Filter Module Multiple Memory Corruption Vulnerabilities (Lotus Notes)");
  script_summary(english:"Checks version of DLLs shipped with Lotus Notes"); 
 
  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has a DLL that is affected by several buffer
overflow vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Lotus Notes installed on the remote Windows host ships
with several DLL designed to perform file conversions ('Autonomy
KeyView Filter'). 

Specifically, these DLLs are affected by several overflow
vulnerabilities that may allow an attacker to execute arbitrary code
on the remote host. 

To exploit these vulnerabilities, an attacker would need to send a
specially malformed document to a user on the remote host and wait for
him to open it via Notes.");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21440812");
  script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2010-16/");
  script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2010-27/");
  script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2010-49/");
  script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2010-28/");
  script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2010-35/");
  script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2010-31/");
  script_set_attribute(attribute:"solution", value: "Apply the patch from IBM");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/07/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/29");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:ibm:lotus_notes");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "lotus_notes_installed.nasl");
  script_require_keys("SMB/name", "SMB/login", "SMB/password","SMB/Lotus_Notes/Installed","Settings/ParanoidReport");
  script_require_ports("Services/notes", 139, 445);
  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

if ( report_paranoia < 2 ) audit(AUDIT_PARANOID);

appname = "IBM Lotus Notes";
kb_base = "SMB/Lotus_Notes/";

path = get_kb_item_or_exit(kb_base + 'Path');
version = get_kb_item_or_exit(kb_base + 'Version');

dlls = make_array("kpmsordr.dll", "8.5.14.10206",
	                "mwsr.dll", "8.5.14.10206",
	                "wkssr.dll", "8.5.14.10206",
	                "kvolefio.dll", "8.5.14.10206",
	                "qpssr.dll", "8.5.14.10206",
	                "wosr.dll", "8.5.14.10206");

flag = 0;
report = '';

foreach dll (keys(dlls))
{
 if ( hotfix_check_fversion(file:dll, version:dlls[dll], path:path) == HCF_OLDER )
   flag = 1;
}

hotfix_check_fversion_end();

if ( flag ) hotfix_security_hole();
else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);
VendorProductVersionCPE
ibmlotus_notescpe:/a:ibm:lotus_notes

Related

securityvulns 8
cve 7
prion 7
securityvulns
securityvulns
Autonomy KeyView multiple security vulnerabilities
2010-08-26 00:00:00
Secunia Research: Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows
2010-07-29 00:00:00
Secunia Research: Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow
2010-07-29 00:00:00
cve
cve
CVE-2010-1525
2010-08-17 20:00:00
CVE-2010-0135
2010-08-17 20:00:00
CVE-2010-0133
2010-08-17 20:00:00
prion
prion
Heap overflow
2010-08-17 20:00:00
Stack overflow
2010-08-17 20:00:00
Integer overflow
2010-08-17 20:00:00
JSON
Related for NOTES_KEYVIEW_FILTER_OVERFLOWS.NASL
securityvulns8cve7prion7