Autonomy Keyview Multiple Vulnerabilities
Last Update Date:
10 Oct 2011 12:26
Release Date:
10 Oct 2011
6163
Views
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities have been identified in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system.
- An integer overflow error in jtdsr.dll when parsing QLST chunks within Ichitaro documents can be exploited to cause a heap-based buffer overflow.
- A boundary error in jtdsr.dll when parsing Ichitaro documents with a chunk containing "Text" data blocks can be exploited to cause a heap-based buffer overflow.
- A logic error in jtdsr.dll when reconstructing text data from multiple data blocks in an Ichitaro document can be exploited to cause a heap-based buffer overflow.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
Impact
- Remote Code Execution
System / Technologies affected
- Autonomy KeyView Filter SDK 10.x
- Autonomy KeyView Export SDK 10.x
- Autonomy KeyView Viewing SDK 10.x
- IBM Lotus Notes 8.x
- Symantec Data Loss Prevention Endpoint Agents 10.x
- Symantec Data Loss Prevention Endpoint Agents 11.x
- Symantec Data Loss Prevention Enforce/Detection Servers for Windows 10.x
- Symantec Data Loss Prevention Enforce/Detection Servers for Windows 11.x
- Symantec Mail Security for Domino 7.x
- Symantec Mail Security for Domino 8.x
- Symantec Mail Security for Microsoft Exchange 6.x
- Verity KeyView Export SDK 7.x
- Verity KeyView Export SDK 9.x
- Verity KeyView Filter SDK 7.x
- Verity KeyView Filter SDK 9.x
- Verity KeyView Viewer SDK 7.x
- Verity KeyView Viewer SDK 9.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to fixed version.
Vulnerability Identifier
Source
Related Link
- http://secunia.com/advisories/44225/
- http://secunia.com/advisories/44273/
- http://secunia.com/advisories/44310/
- https://www-304.ibm.com/support/docview.wss?uid=swg21566925
- http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20111006_00
Share with