Secunia Security Advisory - Multiple vulnerabilities have been reported in Verity Keyview SDK, which potentially can be exploited by malicious people to compromise a user's system.
4544a5eadbeaab55e5ff5786e76de037dd0c2fc74104650a9a2e2152ed155d87
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,700 different Windows applications.
Request your account, the Secunia Network Software Inspector (NSI):
http://secunia.com/network_software_inspector/
----------------------------------------------------------------------
TITLE:
Verity Keyview SDK Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA27304
VERIFY ADVISORY:
http://secunia.com/advisories/27304/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Verity KeyView Export SDK 7.x
http://secunia.com/product/7989/
Verity KeyView Export SDK 8.x
http://secunia.com/product/7997/
Verity KeyView Export SDK 9.x
http://secunia.com/product/7998/
Verity KeyView Filter SDK 7.x
http://secunia.com/product/7990/
Verity KeyView Filter SDK 8.x
http://secunia.com/product/7995/
Verity KeyView Filter SDK 9.x
http://secunia.com/product/7996/
Verity KeyView Viewer SDK 7.x
http://secunia.com/product/5570/
Verity KeyView Viewer SDK 8.x
http://secunia.com/product/7992/
Verity KeyView Viewer SDK 9.x
http://secunia.com/product/7994/
DESCRIPTION:
Multiple vulnerabilities have been reported in Verity Keyview SDK,
which potentially can be exploited by malicious people to compromise
a user's system.
The vulnerabilities are caused due to various errors within the file
viewers and can be exploited to cause buffer overflows by tricking a
user into viewing a specially crafted file.
The following file viewers are affected:
* mifsr.dll
* awsr.dll
* kpagrdr.dll
* exesr.dll
* rtfsr.dll
* mwsr.dll
* exesr.dll
* wp6sr.dll
* lasr.dll
Successful exploitation may allow execution of arbitrary code.
SOLUTION:
Secunia is not currently aware of patches for these vulnerabilities.
PROVIDED AND/OR DISCOVERED BY:
Reported in IBM Lotus Notes advisories crediting:
* ZDI
* Tan Chew-Keong
ORIGINAL ADVISORY:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg21271111
http://www-1.ibm.com/support/docview.wss?uid=swg21272836
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------