Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows

Re: Secunia Research: Lotus Notes Folio Flat File Parsing Buffer Overflows

From: Luigi Auriemma <aluigi_at_autistici.org>
Date: Tue, 15 Apr 2008 16:20:01 +0200

> Autonomy Keyview Folio Flat File Parsing Buffer Overflows
> Autonomy Keyview Applix Graphics Parsing Vulnerabilities
> Autonomy Keyview EML Reader Buffer Overflows
> activePDF DocConverter Folio Flat File Parsing Buffer Overflows
> activePDF DocConverter Applix Graphics Parsing Vulnerabilities
> Lotus Notes Applix Graphics Parsing Vulnerabilities
> Lotus Notes Folio Flat File Parsing Buffer Overflows
> Lotus Notes EML Reader Buffer Overflows
> Lotus Notes kvdocve.dll Path Processing Buffer Overflow
> Lotus Notes htmsr.dll Buffer Overflows
> Symantec Mail Security Folio Flat File Parsing Buffer Overflows
> Symantec Mail Security Applix Graphics Parsing Vulnerabilities

12 mails for the same library?

>From what I have understood all the bugs are just in this Autonomy
Keyview library so in my opinion reporting the same identical bugs in
each software which uses this thirdy part component and additionally
without saying that the problem in reality is in the library is wrong
and leads to a lot of confusion.

It's just like if someone finds a bug in zlib and releases 10000
advisories, one for each program in the world which uses the library...
the bug is not in these 10000 programs but only in zlib.

---
Luigi Auriemma
http://aluigi.org
Received on Apr 15 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]