Verity KeyView SDK Multiple File Format Parsing Vulnerabilities

ID ZDI-07-059
Type zdi
Reporter Eric DETOISIEN
Modified 2007-11-09T00:00:00


Several vulnerabilities exist in the popular Verity KeyView SDK used in many enterprise applications like IBM Lotus Notes. When parsing several different file formats a standard stack overflow occurs allowing a malicious user to gain complete control of the affected machine under the rights of the currently logged in user. The problem lies when copying user supplied data to a stack based buffer without any boundary conditions.

The following file formats have been identified as vulnerable:

Adobe Acrobat FrameMaker - .mif
Applix Words - .aw
Microsoft Rich Text Format - .rtf
Portable Executable - .exe
Dynamic Link Library - .dll
Applix Presents - .ag
Microsoft Word - .doc