CVE-2007-5909

Autonomy KeyView Viewer SDK <9.2.0.12 - RCE

Title source: llm

Description

Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.

References (17)

Core 17

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3357

Third Party Advisory x_refsource_misc

http://www.zerodayinitiative.com/advisories/ZDI-07-059.html

Various Sources x_refsource_confirm

http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21271111

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1018853

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/482664

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/3697

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26175

Various Sources x_refsource_misc

http://vuln.sg/lotusnotes702sam-en.html

Various Sources x_refsource_misc

http://vuln.sg/lotusnotes702mif-en.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/483102/100/0/threaded

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27304

Various Sources x_refsource_confirm

http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21272836

Various Sources x_refsource_misc

http://vuln.sg/lotusnotes702-en.html

Various Sources x_refsource_confirm

http://securityresponse.symantec.com/avcenter/security/Content/2007.11.01c.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1018886

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/3596

Various Sources x_refsource_misc

http://vuln.sg/lotusnotes702doc-en.html

Scores

EPSS 0.2587

EPSS Percentile 96.3%

Details

CWE

CWE-119

Status published

Products (10)

activepdf/docconverter 3.8.2_.5

autonomy/keyview_export_sdk < 9.2.0

autonomy/keyview_filter_sdk < 9.2.0

autonomy/keyview_viewer_sdk < 9.2.0

ibm/lotus_notes < 7.0.2

symantec/mail_security 5.0 (2 CPE variants)

symantec/mail_security 5.0.0

symantec/mail_security 5.0.0.24

symantec/mail_security 5.0.1

symantec/mail_security 7.5

Published Nov 10, 2007

Tracked Since Feb 18, 2026