Vulnonym.org

CVE-2007-5399 - Evocative Webs

Description

Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8) Importance, or (9) X-MSMail-Priority header; (10) a long string at the beginning of an RFC2047 encoded-word in a header; (11) a long text string in an RFC2047 encoded-word in a header; or (12) a long Subject header, related to creation of an associated filename.

Reference

http://secunia.com/secunia_research/2007-91/advisory/
http://secunia.com/secunia_research/2007-92/advisory/
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
http://www.securityfocus.com/bid/28454
http://secunia.com/advisories/28209
http://secunia.com/advisories/28210
http://www.securitytracker.com/id?1019842
http://www.vupen.com/english/advisories/2008/1153
http://www.vupen.com/english/advisories/2008/1156
https://exchange.xforce.ibmcloud.com/vulnerabilities/41723
http://www.securityfocus.com/archive/1/490833/100/0/threaded
http://www.securityfocus.com/archive/1/490832/100/0/threaded