Verity KeyView SDK Multiple File Format Parsing Vulnerabilities
ZDI-07-059: October 31st, 2007CVE ID
Affected Vendors
Affected Products
-
Lotus Notes
KeyView SDK
TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 4660,4662,4663,4697,4698,. For further product information on the TippingPoint IPS:Vulnerability Details
Several vulnerabilities exist in the popular Verity KeyView SDK used in many enterprise applications like IBM Lotus Notes. When parsing several different file formats a standard stack overflow occurs allowing a malicious user to gain complete control of the affected machine under the rights of the currently logged in user. The problem lies when copying user supplied data to a stack based buffer without any boundary conditions.
The following file formats have been identified as vulnerable:
Adobe Acrobat FrameMaker - .mif
Applix Words - .aw
Microsoft Rich Text Format - .rtf
Portable Executable - .exe
Dynamic Link Library - .dll
Applix Presents - .ag
Microsoft Word - .doc
Vendor Response
IBM has issued an update to correct this vulnerability. More details can be found at:Verity states:
Disclosure Timeline
-
2006-06-16 - Vulnerability reported to vendor
2007-10-31 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:-
Eric DETOISIEN
