Verity KeyView Viewer SDK htmsr.dll Link Processing Overflow

2006-02-10T09:47:53
ID OSVDB:23068
Type osvdb
Reporter Carsten Eiram()
Modified 2006-02-10T09:47:53

Description

Vulnerability Description

An overflow exists in the HTML speed reader component of the KeyView Viewer SDK. The software fails to properly validate file names passed to the 'htmsr.dll' library when a link is clicked, resulting in a buffer overflow. With a specially crafted long file name starting with a 'http', 'ftp' or '//' prefix, an attacker can execute arbitrary code, resulting in a loss of integrity.

Note that the vulnerable component is used by IBM Lotus Notes for viewing HTML files.

Solution Description

Upgrade to version 8.2, 9.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

An overflow exists in the HTML speed reader component of the KeyView Viewer SDK. The software fails to properly validate file names passed to the 'htmsr.dll' library when a link is clicked, resulting in a buffer overflow. With a specially crafted long file name starting with a 'http', 'ftp' or '//' prefix, an attacker can execute arbitrary code, resulting in a loss of integrity.

Note that the vulnerable component is used by IBM Lotus Notes for viewing HTML files.

References:

Vendor URL: http://www.verity.com/products/oem_solutions/keyview/ Vendor Specific Advisory URL Security Tracker: 1015657 Secunia Advisory ID:16100 Secunia Advisory ID:16280 Related OSVDB ID: 23064 Related OSVDB ID: 23066 Related OSVDB ID: 23065 Related OSVDB ID: 23067 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0185.html FrSIRT Advisory: ADV-2006-0500 CVE-2005-2618 CERT VU: 884076