PT-2008-1479 · Autonomy · Autonomy Keyview
Published: 2008-04-10 · Updated: 2018-10-15
CVE-2007-5399
CVSS v2.0: 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Autonomy KeyView version 10.3.0.0
Description
The issue is related to multiple heap-based buffer overflows in the EML reader of Autonomy KeyView, which can be exploited by remote attackers to execute arbitrary code. This can be achieved through various means, including:
- a long string in the To, Cc, Bcc, From, Date, Subject, Priority, Importance, or X-MSMail-Priority header,
- a long string at the beginning of an RFC2047 encoded-word in a header,
- a long text string in an RFC2047 encoded-word in a header,
- or a long Subject header.
Recommendations
For Autonomy KeyView version 10.3.0.0, consider disabling the EML reader functionality until a patch is available to prevent exploitation. Restrict access to the emlsr.dll module to minimize the risk of arbitrary code execution. Avoid using long strings in headers and encoded-words to reduce the risk of buffer overflows.
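One way to screen EML input before it reaches the reader is sketched below as an added example; it is not part of the advisory or of any vendor code. It unfolds the headers and flags oversized values in the header fields listed above, plus any encoded-word longer than RFC 2047 allows. The function name `scan_eml_headers`, the `MAX_VALUE` ceiling, and the choice to treat every token that opens with `=?` as an encoded-word are assumptions.

```python
import re

# Header names listed in the advisory (compared lower-case).
RISKY_HEADERS = {"to", "cc", "bcc", "from", "date", "subject",
                 "priority", "importance", "x-msmail-priority"}
MAX_LINE = 998         # RFC 5322: maximum line length, excluding CRLF
MAX_ENCODED_WORD = 75  # RFC 2047: maximum length of one encoded-word
MAX_VALUE = 4096       # assumption: local policy ceiling for an unfolded value


def scan_eml_headers(raw: bytes) -> list[str]:
    """Return findings for header content that exceeds the limits above."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    findings, fields = [], []
    for line in re.split(rb"\r?\n", head):
        if len(line) > MAX_LINE:
            findings.append(f"physical line is {len(line)} bytes")
        if line[:1] in (b" ", b"\t") and fields:
            fields[-1][1] += line  # folded continuation of the previous field
        elif b":" in line:
            name, _, value = line.partition(b":")
            fields.append([name.strip().lower().decode("ascii", "replace"), value])
    for name, value in fields:
        size = len(value.strip())
        if name in RISKY_HEADERS and size > MAX_VALUE:
            findings.append(f"{name}: unfolded value is {size} bytes")
        # Any whitespace-delimited token opening with "=?" is treated as an
        # encoded-word, so an unterminated or overlong one is caught as well.
        for m in re.finditer(rb"=\?\S*", value):
            if len(m.group()) > MAX_ENCODED_WORD:
                findings.append(f"{name}: encoded-word is {len(m.group())} bytes")
    return findings


if __name__ == "__main__":
    # Constructed sample: a Subject folded across lines that each pass the
    # per-line limit but add up to an oversized value.
    sample = (b"From: a@example.com\r\nSubject: " + b"A" * 500
              + (b"\r\n " + b"A" * 500) * 9 + b"\r\n\r\nbody\r\n")
    for finding in scan_eml_headers(sample):
        print("REJECT:", finding)
```

Files with any finding can be quarantined instead of being passed to the EML reader; tune `MAX_VALUE` against legitimate mail with long recipient lists.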
Fix
RCE
Buffer Overflow
Affected Products
Autonomy Keyview