CVE-2008-0066

Name of the Vulnerable Software and Affected Versions Autonomy KeyView versions 7.0.2 through 7.0.3

Description The issue concerns multiple buffer overflows in the htmsr.dll component of Autonomy KeyView, which is used by IBM Lotus Notes. These overflows can be triggered by an HTML document containing large chunks of data, a long URL in the BACKGROUND attribute of a BODY element, or a long URL in the SRC attribute of an IMG element. This can allow remote attackers to execute arbitrary code.

Recommendations For versions 7.0.2 and 7.0.3, consider disabling the htmsr.dll component until a patch is available to prevent potential exploitation. Restrict access to HTML documents with large chunks of data or long URLs in the BACKGROUND attribute of a BODY element or the SRC attribute of an IMG element to minimize the risk of exploitation.