OSVDB ID: 23065

Title: Verity KeyView Viewer SDK uudrdr.dll UUE Filename Overflow

Info

Disclosure
Feb 10, 2006

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 A remote overflow exists in Verity KeyView Viewer SDK. 'uudrdr.dll' fails to perform bounds checking on filenames of UUE files, resulting in a stack based overflow. With a specially crafted UUE file, an attacker can cause arbitrary code execution when the file is opened in an application using the vulnerable viewer, resulting in a loss of integrity.

Classification

 Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Commercial
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

 Upgrade to version 8.2, 9.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Autonomy

Verity KeyView Viewer SDK

 7.0a
7.4

International Business Machines Corporation

Lotus Notes

 6.5.3
6.0.4
6.0
6.0.1
6.0.1.1
6.0.1.2
6.0.1.3
6.0.2.1
6.0.2.2
6.0.3
6.0.5
6.5
6.5.1
6.5.2
6.5.2.1
6.5.3.1
7.0
6.5.4

References

Credit
  • Tan Chew Keong - vulnsecunia.com - Secunia Research


Direct URL: http://osvdb.org/23065