CVE-2007-6593

Name of the Vulnerable Software and Affected Versions Autonomy KeyView SDK versions used by IBM Lotus Notes 5.x through 8.x

Description The issue is related to multiple stack-based buffer overflows in the l123sr.dll component of the Autonomy KeyView SDK, which is used by IBM Lotus Notes. This can be exploited by user-assisted remote attackers through the Length and Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format. An example of exploitation is a file with a crafted SRANGE record.

Recommendations For IBM Lotus Notes 5.x through 8.x, consider disabling the use of the l123sr.dll component until a patch is available to prevent the exploitation of the buffer overflows in the Length and Value fields for certain Types in Lotus 1-2-3 files.