Title: Autonomy KeyView Multiple Buffer Overflow Vulnerabilities
Severity: CRITICAL
Description:
Autonomy KeyView is a component used in multiple applications. It adds high-speed filtering, the ability to export documents to web-ready HTML or valid XML, and high-fidelity viewing capabilities.
Autonomy KeyView is prone to multiple buffer-overflow vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary code in the context of the user running an affected application.
The following DLLs are affected:
- 'wp6sr.dll' used for viewing WordPerfect (.wpd) files. Specially crafted WordPerfect files can cause a stack buffer to overflow when writing to a fixed-size buffer. This issue is documented as IBM SPR# KEMG6X9QED.
- 'lasr.dll' used for viewing Ami Pro (.sam) files. Specially crafted Ami Pro files can cause buffer overflows due to 'lstrcpy()' function calls, where the software fails to perform length checks on strings before copying them to a fixed-size buffer. This issue is documented as IBM SPR# KEMG6XAS48.
- 'mifsr.dll' used for viewing FrameMaker Maker Interchange Format (.mif) files. Specially crafted FrameMaker files can cause buffer overflows due to 'strcpy()' and 'strcat()' function calls, where the software fails to perform length checks on strings before copying them to a fixed-size buffer. Also, incorrect use of 'strncpy()' function calls causes overly long strings to be copied into a fixed-size buffer. This issue is documented as IBM SPR# KEMG6XPK6A.
- 'mwsr.dll' used for viewing Microsoft Word for DOS (.doc) files. Specially crafted Word files can cause buffer overflows due to 'memcpy()' function calls, where the software fails to perform size checks on memory segments copied to a fixed-size buffer. This issue is documented as IBM SPR# KEMG6XTLDN.
These issues also apply when processing the following document formats:
- 'awsr.dll' used for processing Applix Words (.aw) files.
- 'kpagrdr.dll' used for processing Applix Presents (.ag) files.
- 'exesr.dll' used for processing Dynamic Link Library (.dll) files.
- 'rtfsr.dll' used for processing Microsoft Rich Text Format (.rtf) files.
- 'exesr.dll' used for processing Portable Executable (.exe) files.
These issues are documented as IBM SPR# KEMG6R8L3M.
Multiple applications incorporate the vulnerable KeyView component and are therefore also considered vulnerable to these issues.
NOTE: This document was previously titled 'IBM Lotus Notes Attachment Viewer Multiple Buffer Overflow Vulnerabilities'. It has been updated and relabeled to properly reflect the vulnerable component.
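The copy patterns named above (unchecked 'strcpy()'/'lstrcpy()', misused 'strncpy()', and 'memcpy()' with a length taken from the file) can be replaced with bounded helpers that reject oversized fields. The following is an added example, not code from KeyView or from the original advisory; FIELD_MAX, both helper names and the 2-byte length-prefixed record layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIELD_MAX 32 /* hypothetical fixed-size destination buffer */

/* Bounded replacement for strcpy()/lstrcpy() on strings read from a file.
 * Fails instead of overflowing and never leaves dst unterminated, which
 * is a common pitfall when strncpy() is used incorrectly. */
static int copy_field_str(char *dst, size_t dst_size,
                          const char *src, size_t src_avail)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *end = memchr(src, '\0', src_avail); /* scan input bytes only */
    if (end == NULL)
        return -1;                 /* unterminated input */
    size_t len = (size_t)(end - src);
    if (len >= dst_size)
        return -1;                 /* no room for string plus terminator */
    memcpy(dst, src, len + 1);
    return 0;
}

/* Bounded replacement for memcpy() driven by a length read from the file.
 * Assumed record layout (constructed): 2-byte little-endian length, payload. */
static int copy_field_rec(uint8_t *dst, size_t dst_size,
                          const uint8_t *in, size_t in_len, size_t *out_len)
{
    if (dst == NULL || in == NULL || out_len == NULL || in_len < 2)
        return -1;
    size_t declared = (size_t)in[0] | ((size_t)in[1] << 8);
    if (declared > in_len - 2 || declared > dst_size)
        return -1;                 /* length exceeds input or destination */
    memcpy(dst, in + 2, declared);
    *out_len = declared;
    return 0;
}

int main(void)
{
    uint8_t rec[66] = { 64, 0 };   /* constructed: declares 64 bytes */
    uint8_t out[FIELD_MAX];
    char name[FIELD_MAX];
    size_t n = 0;
    int r1 = copy_field_rec(out, sizeof out, rec, sizeof rec, &n); /* rejected */
    int r2 = copy_field_str(name, sizeof name, "Heading1", 9);     /* accepted */
    return (r1 == -1 && r2 == 0) ? 0 : 1;
}
```

Both helpers treat an oversized field as a parse error rather than truncating it, so a malformed document is rejected before any bytes reach the fixed-size buffer.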
Affected Products:
- ActivePDF DocConverter 3.8.2.5
- Autonomy KeyView Export SDK 7
- Autonomy KeyView Export SDK 8
- Autonomy KeyView Export SDK 9
- Autonomy KeyView Filter SDK 7
- Autonomy KeyView Filter SDK 8
- Autonomy KeyView Filter SDK 9
- Autonomy KeyView Viewer SDK 7
- Autonomy KeyView Viewer SDK 8
- Autonomy KeyView Viewer SDK 9
- IBM Lotus Notes 7.0.2
- Symantec Mail Security Appliance 5.0.0
- Symantec Mail Security Appliance 5.0.0.24
- Symantec Mail Security for Domino 7.5
- Symantec Mail Security for Domino 7.5.0.19
- Symantec Mail Security for Microsoft Exchange 5.0.0
- Symantec Mail Security for Microsoft Exchange 5.0.0.204
- Symantec Mail Security for Microsoft Exchange 5.0.6.368
- Symantec Mail Security for Microsoft Exchange 5.0.7.373
- Symantec Mail Security for SMTP 5.0
- Symantec Mail Security for SMTP 5.0.1
References:
- Autonomy: KeyView Homepage
- IBM: Buffer overflow vulnerability in Lotus Notes file viewers (.wpd, .sam, .doc, and
- IBM: Buffer overflow vulnerability in Lotus Notes file viewers (multiple file formats
- IBM: Lotus Homepage
- Symantec: SYM07-027 Symantec Mail Security KeyView Module Multiple Buffer Overflow
- Symantec: Symantec Mail Security for Domino
- Symantec: Symantec Mail Security for SMTP
- Tan Chew Keong: IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities
- Tan Chew Keong: IBM Lotus Notes lasr.dll SAM Attachment Viewer Buffer Overflow
- Tan Chew Keong: IBM Lotus Notes mifsr.dll MIF Attachment Viewer Buffer Overflow
- Tan Chew Keong: IBM Lotus Notes mwsr.dll DOC Attachment Viewer Buffer Overflow
- Tan Chew Keong: IBM Lotus Notes wp6sr.dll WPD Attachment Viewer Buffer Overflow
- ZeroDay Initiative: ZDI-07-059 Verity KeyView SDK Multiple File Format Parsing Vulnerabilities