Advisory Details

October 31st, 2007

Verity KeyView SDK Multiple File Format Parsing Vulnerabilities

ZDI-07-059
ZDI-CAN-047

CVE ID CVE-2007-5909
CVSS SCORE
AFFECTED VENDORS IBM
Verity
AFFECTED PRODUCTS Lotus Notes
KeyView SDK
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 4660,4662,4663,4697,4698,. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

Several vulnerabilities exist in the popular Verity KeyView SDK used in many enterprise applications like IBM Lotus Notes. When parsing several different file formats a standard stack overflow occurs allowing a malicious user to gain complete control of the affected machine under the rights of the currently logged in user. The problem lies when copying user supplied data to a stack based buffer without any boundary conditions.

The following file formats have been identified as vulnerable:

Adobe Acrobat FrameMaker - .mif
Applix Words - .aw
Microsoft Rich Text Format - .rtf
Portable Executable - .exe
Dynamic Link Library - .dll
Applix Presents - .ag
Microsoft Word - .doc

ADDITIONAL DETAILS IBM has issued an update to correct this vulnerability. More details can be found at:
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21272836
DISCLOSURE TIMELINE
  • 2006-06-16 - Vulnerability reported to vendor
  • 2007-10-31 - Coordinated public release of advisory
CREDIT Eric DETOISIEN
BACK TO ADVISORIES