CVE-2008-0066

Published Apr 10, 2008

Last updated 6 years ago

Overview

Description: Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.
Source: PSIRT-CNA@flexerasoftware.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:autonomy:keyview:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A31DE25-F7B5-4AEA-B870-2B852F4FD8A3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3449A490-865A-4262-8482-429DEF455644"
          },
          {
            "criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F01C5CFC-7FB8-4D29-95AC-8EF59B0C170D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References