This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a buffer overflow vulnerability in Autonomy Keyview which could result in remote code execution.
Autonomy KeyView Filter is a component used in multiple applications. It adds filtering, viewing, and exporting of documents to web-ready HTML or valid XML.
Autonomy KeyView is prone to a stack-based buffer-overflow vulnerability when handling a LZH archive file. The problem occurs due to an integer overflow when calculating a length value from header information in a malformed archive. That length value is then used in a memory-copy operation causing a stack overflow.
An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious file or email attachment.
Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously discussed in BID 47962 (IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities) but has been given its own record to better document it.