9.3 - VU#276563

Executive Summary

Summary
Title	Autonomy KeyView SDK buffer overflow vulnerability

Informations
Name	VU#276563	First vendor Publication	2009-03-19
Vendor	VU-CERT	Last vendor Modification	2009-04-30
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#276563

Autonomy KeyView SDK buffer overflow vulnerability

Overview

Autonomy KeyView SDK contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code.

I. Description

Autonomy KeyView SDK is a commercial software development kit (SDK) that includes file filtering libraries. A vulnerability exists in the way the SDK libraries process specially crafted WordPerfect documents. According to iDefense:

This vulnerability exists within the "wp6sr.dll," which implements the processing of WordPerfect documents. When processing certain records, data is copied from the file into a fixed-size stack buffer without ensuring that enough space is available. By overflowing the buffer, an attacker can overwrite control flow structures stored on the stack.

Note that this issue affects products that use Autonomy KeyView SDK. These include IBM Lotus Notes and Symantec products.

II. Impact

An unauthenticated attacker may be able to execute arbitrary code or cause a vulnerable system to crash.

III. Solution

Apply updates

Developers should contact Autonomy KeyView support for information on how to obtain updated software that addresses this issue.

IBM Lotus Notes has released an alert to address this issue.

Symantec has released SYM09-004 to address this issue.

Systems Affected

Vendor	Status	Date Updated
Autonomy	Vulnerable	2009-03-19
IBM Corporation	Vulnerable	2009-03-19
Symantec	Vulnerable	2009-03-19

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774
https://customers.autonomy.com/support/login.jsp?notLoggedIn=true&origURL=%2Fsecure%2Fdocs%2FUpdates%2FKeyview%2FFilter+SDK%2F10.4%2Fkv_update_nti40_10.4.zip.readme.html
http://www-01.ibm.com/support/docview.wss?uid=swg21377573
http://secunia.com/advisories/34307/
http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17a.html
http://secunia.com/advisories/34318/

Credit

This issue was made public by iDefense.

This document was written by Chris Taschner.

Other Information

Date Public:	2009-03-17
Date First Published:	2009-03-19
Date Last Updated:	2009-04-30
CERT Advisory:
CVE-ID(s):	CVE-2008-4564
NVD-ID(s):	CVE-2008-4564
US-CERT Technical Alerts:
Metric:	6.00
Document Revision:	9

Original Source

Url : http://www.kb.cert.org/vuls/id/276563

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type	Description	Count
Application	Autonomy Keyview Export Sdk cpe:2.3:a:autonomy:keyview_export_sdk:10.4:::::::* cpe:2.3:a:autonomy:keyview_export_sdk:10.3:::::::* cpe:2.3:a:autonomy:keyview_export_sdk:10:::::::* cpe:2.3:a:autonomy:keyview_export_sdk:9.2.0:::::::* cpe:2.3:a:autonomy:keyview_export_sdk:2.0:::::::* cpe:2.3:a:autonomy:keyview_export_sdk::::::::	6
Application	Autonomy Keyview Filter Sdk cpe:2.3:a:autonomy:keyview_filter_sdk:10.4:::::::* cpe:2.3:a:autonomy:keyview_filter_sdk:10.3:::::::* cpe:2.3:a:autonomy:keyview_filter_sdk:10:::::::* cpe:2.3:a:autonomy:keyview_filter_sdk:9.2.0:::::::* cpe:2.3:a:autonomy:keyview_filter_sdk:2.0:::::::* cpe:2.3:a:autonomy:keyview_filter_sdk::::::::	6
Application	Autonomy Keyview Viewer Sdk cpe:2.3:a:autonomy:keyview_viewer_sdk:10.4:::::::* cpe:2.3:a:autonomy:keyview_viewer_sdk:10.3:::::::* cpe:2.3:a:autonomy:keyview_viewer_sdk:10:::::::* cpe:2.3:a:autonomy:keyview_viewer_sdk:9.2.0:::::::* cpe:2.3:a:autonomy:keyview_viewer_sdk:2.0:::::::* cpe:2.3:a:autonomy:keyview_viewer_sdk::::::::	6
Application	Ibm Lotus Notes cpe:2.3:a:ibm:lotus_notes:8.0:::::::* cpe:2.3:a:ibm:lotus_notes:7.0.3:::::::* cpe:2.3:a:ibm:lotus_notes:7.0.2:::::::* cpe:2.3:a:ibm:lotus_notes:7.0.2::fp1::::: cpe:2.3:a:ibm:lotus_notes:7.0.1:::::::* cpe:2.3:a:ibm:lotus_notes:7.0:::::::* cpe:2.3:a:ibm:lotus_notes:6.5.6::fp2::::: cpe:2.3:a:ibm:lotus_notes:6.5.6:::::::* cpe:2.3:a:ibm:lotus_notes:6.5.5::fp2::::: cpe:2.3:a:ibm:lotus_notes:6.5.5::fp3::::: cpe:2.3:a:ibm:lotus_notes:6.5.5:::::::* cpe:2.3:a:ibm:lotus_notes:6.5.4:::::::* cpe:2.3:a:ibm:lotus_notes:6.5.3:::::::* cpe:2.3:a:ibm:lotus_notes:6.5.2:::::::* cpe:2.3:a:ibm:lotus_notes:6.5.1:::::::* cpe:2.3:a:ibm:lotus_notes:6.5:::::::* cpe:2.3:a:ibm:lotus_notes:6.0.5:::::::* cpe:2.3:a:ibm:lotus_notes:6.0.4:::::::* cpe:2.3:a:ibm:lotus_notes:6.0.3:::::::* cpe:2.3:a:ibm:lotus_notes:6.0.2:::::::* cpe:2.3:a:ibm:lotus_notes:6.0.1:::::::* cpe:2.3:a:ibm:lotus_notes:6.0:::::::* cpe:2.3:a:ibm:lotus_notes:5.0.3:::::::* cpe:2.3:a:ibm:lotus_notes:5.0.12:::::::*	24
Application	Symantec Altiris Deployment Solution cpe:2.3:a:symantec:altiris_deployment_solution::::::::	1
Application	Symantec Brightmail cpe:2.3:a:symantec:brightmail:5.0::appliance:::::	1
Application	Symantec Data Loss Prevention Detection Servers cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1::linux::::: cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1::windows::::: cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.0:::::::* cpe:2.3:a:symantec:data_loss_prevention_detection_servers:7.0:::::::*	4
Application	Symantec Data Loss Prevention Endpoint Agents cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.1:::::::* cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.0:::::::*	2
Application	Symantec Enforce cpe:2.3:a:symantec:enforce:8.1::linux::::: cpe:2.3:a:symantec:enforce:8.1::windows::::: cpe:2.3:a:symantec:enforce:8.0:::::::* cpe:2.3:a:symantec:enforce:7.0:::::::*	4
Application	Symantec Mail Security cpe:2.3:a:symantec:mail_security:7.5.5.32::domino::::: cpe:2.3:a:symantec:mail_security:7.5.3.25::domino::::: cpe:2.3:a:symantec:mail_security:7.5..4.29::domino::::: cpe:2.3:a:symantec:mail_security:6.0.7:microsoft_exchange:::::: cpe:2.3:a:symantec:mail_security:6.0.6:microsoft_exchange:::::: cpe:2.3:a:symantec:mail_security:5.0.11::microsoft_exchange::::: cpe:2.3:a:symantec:mail_security:5.0.10::microsoft_exchange::::: cpe:2.3:a:symantec:mail_security:5.0.1.200::smtp::::: cpe:2.3:a:symantec:mail_security:5.0.1.189::smtp::::: cpe:2.3:a:symantec:mail_security:5.0.1.182::smtp::::: cpe:2.3:a:symantec:mail_security:5.0.1.181::smtp::::: cpe:2.3:a:symantec:mail_security:5.0.1::smtp::::: cpe:2.3:a:symantec:mail_security:5.0.0.24::appliance::::: cpe:2.3:a:symantec:mail_security:5.0.0:::::::* cpe:2.3:a:symantec:mail_security:5.0.0::smtp::::: cpe:2.3:a:symantec:mail_security:5.0::appliance:::::	16

OpenVAS Exploits

Date	Description
2009-03-20	Name : Ubuntu USN-735-1 (gst-plugins-base0.10) File : nvt/ubuntu_735_1.nasl
2009-03-20	Name : Ubuntu USN-736-1 (gst-plugins-good0.10) File : nvt/ubuntu_736_1.nasl
2009-03-20	Name : Ubuntu USN-737-1 (libsoup) File : nvt/ubuntu_737_1.nasl
2009-03-20	Name : Ubuntu USN-739-1 (amarok) File : nvt/ubuntu_739_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
52713	Autonomy KeyView SDK wp6sr.dll Word Perfect Document Handling Overflow

Snort® IPS/IDS

Date	Description
2015-07-08	IBM Lotus Notes WPD attachment handling buffer overflow attempt RuleID : 34632 - Revision : 2 - Type : SERVER-MAIL
2014-01-10	IBM Lotus Notes WPD attachment handling buffer overflow attempt RuleID : 17777 - Revision : 11 - Type : SERVER-MAIL

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	70
osvdb(s)	1
Openvas Exploit(s)	4
Snort® Rule(s)	2

	Related
9.3	CVE-2008-4564
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)