PT-2008-1724 · Autonomy+1 · Autonomy Keyview+1
Published
2008-04-10
·
Updated
2018-10-15
·
CVE-2008-0066
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Autonomy KeyView versions 7.0.2 through 7.0.3
Description
The issue concerns multiple buffer overflows in the htmsr.dll component of Autonomy KeyView, which is used by IBM Lotus Notes. These overflows can be triggered by an HTML document containing large chunks of data, a long URL in the BACKGROUND attribute of a BODY element, or a long URL in the SRC attribute of an IMG element. This can allow remote attackers to execute arbitrary code.
Recommendations
For versions 7.0.2 and 7.0.3, consider disabling the htmsr.dll component until a patch is available to prevent potential exploitation. Restrict access to HTML documents with large chunks of data or long URLs in the BACKGROUND attribute of a BODY element or the SRC attribute of an IMG element to minimize the risk of exploitation.
Fix
RCE
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Autonomy Keyview
Ibm Lotus Notes