Verity KeyView SDK Multiple File Format Parsing Vulnerabilities
1 Nov. 2007
Summary
A vulnerability in IBM's Verity KeyView allows attackers to overflow an internal buffer found in the product which in turn can be used to execute arbitrary code.
Several vulnerabilities exist in the popular Verity KeyView SDK used in many enterprise applications like IBM Lotus Notes. When parsing several different file formats a standard stack overflow occurs allowing a malicious user to gain complete control of the affected machine under the rights of the currently logged in user. The problem lies when copying user supplied data to a stack based buffer without any boundary conditions.
The following file formats have been identified as vulnerable:
Adobe Acrobat FrameMaker - .mif
Applix Words - .aw
Microsoft Rich Text Format - .rtf
Portable Executable - .exe
Dynamic Link Library - .dll
Applix Presents - .ag
Microsoft Word - .doc
