8.8
CVE-2007-6593
- EPSS 6.3%
- Veröffentlicht 28.12.2007 21:46:00
- Zuletzt bearbeitet 16.06.2026 22:48:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Lotus Notes Version5.0
Ibm ≫ Lotus Notes Version6.0
Ibm ≫ Lotus Notes Version6.5
Ibm ≫ Lotus Notes Version7.0
Ibm ≫ Lotus Notes Version8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.3% | 0.927 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 8.6 | 9.2 |
AV:N/AC:M/Au:N/C:C/I:C/A:N
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://lists.grok.org.uk/pipermail/full-disclosure/2007-November/058680.html
http://secunia.com/advisories/27835
http://secunia.com/advisories/27836
http://secunia.com/advisories/27849
http://securityreason.com/securityalert/3499
http://securitytracker.com/id?1019002
http://www.coresecurity.com/index.php5?action=item&id=2008
http://www.ibm.com/support/docview.wss?rs=475&uid=swg21285600
http://www.securityfocus.com/archive/1/484272/100/0/threaded
http://www.securityfocus.com/bid/26604
http://www.securitytracker.com/id?1019096
http://www.vupen.com/english/advisories/2007/4012
http://www.vupen.com/english/advisories/2007/4020
https://exchange.xforce.ibmcloud.com/vulnerabilities/38645