---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/ ---------------------------------------------------------------------- TITLE: Verity Keyview SDK Multiple Vulnerabilities SECUNIA ADVISORY ID: SA27304 VERIFY ADVISORY: http://secunia.com/advisories/27304/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Verity KeyView Export SDK 7.x http://secunia.com/product/7989/ Verity KeyView Export SDK 8.x http://secunia.com/product/7997/ Verity KeyView Export SDK 9.x http://secunia.com/product/7998/ Verity KeyView Filter SDK 7.x http://secunia.com/product/7990/ Verity KeyView Filter SDK 8.x http://secunia.com/product/7995/ Verity KeyView Filter SDK 9.x http://secunia.com/product/7996/ Verity KeyView Viewer SDK 7.x http://secunia.com/product/5570/ Verity KeyView Viewer SDK 8.x http://secunia.com/product/7992/ Verity KeyView Viewer SDK 9.x http://secunia.com/product/7994/ DESCRIPTION: Multiple vulnerabilities have been reported in Verity Keyview SDK, which potentially can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to various errors within the file viewers and can be exploited to cause buffer overflows by tricking a user into viewing a specially crafted file. The following file viewers are affected: * mifsr.dll * awsr.dll * kpagrdr.dll * exesr.dll * rtfsr.dll * mwsr.dll * exesr.dll * wp6sr.dll * lasr.dll Successful exploitation may allow execution of arbitrary code. SOLUTION: Secunia is not currently aware of patches for these vulnerabilities. PROVIDED AND/OR DISCOVERED BY: Reported in IBM Lotus Notes advisories crediting: * ZDI * Tan Chew-Keong ORIGINAL ADVISORY: IBM: http://www-1.ibm.com/support/docview.wss?uid=swg21271111 http://www-1.ibm.com/support/docview.wss?uid=swg21272836 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------