Vulnonym.org

CVE-2008-0066 - Harmonical Mouths

Description

Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView as used by IBM Lotus Notes 7.0.2 and 7.0.3 allow remote attackers to execute arbitrary code via an HTML document with (1) \large chunks of data\ or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.

Reference

http://secunia.com/secunia_research/2008-3/advisory/ http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453 http://www.securityfocus.com/bid/28454 http://secunia.com/advisories/28140 http://secunia.com/advisories/28209 http://secunia.com/advisories/28210 http://www.securitytracker.com/id?1019843 http://www.vupen.com/english/advisories/2008/1153 http://www.vupen.com/english/advisories/2008/1156 https://exchange.xforce.ibmcloud.com/vulnerabilities/41724 http://www.securityfocus.com/archive/1/490828/100/0/threaded