SMTP: IBM Lotus Notes MIF Viewer Statement Data Overflow
This signature detects attempts to exploit a known vulnerability in the IBM Lotus Notes. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the currently logged on user.
Extended Description
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.
Affected Products
Autonomy keyview_export_sdk
Short Name
SMTP:MAL:IBM-LOTUS-MIF-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SMTP
Keywords
CVE-2007-5909 CVE-2007-5910 Data IBM Lotus MIF Notes Overflow Statement Viewer bid:26175
Release Date
10/04/2016
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Activepdf
Autonomy
Symantec
Ibm
CVSS Score
9.3