eLynx

Security Bulletin

SwiftView update available to address security vulnerability

Identifier:           SBSV-07-10-02

Release Date:    October 02, 2007

Summary

A critical vulnerability has been identified in the SwiftView viewer (SwiftView).  The vulnerability identified could allow an attacker to gain access to a user’s computer that has the SwiftView Active-X control or Mozilla/Firefox browser plugin installed.  The Active-X control and plugin are typically installed automatically when SwiftView is installed.

This vulnerability has been resolved in version 8.3.5; upgrading to this version is strongly recommended for all users.

Affected Software Versions

SwiftView for Windows versions 8.3.4 and earlier are affected.  This includes users that have installed SwiftView for use with the SwiftSend document delivery service. 

Solution

eLynx strongly recommends all users of SwiftView 8.3.4 and earlier versions immediately upgrade to the 8.3.5 version of SwiftView.  The 8.3.5 version of SwiftView is available as follows:

            For SwiftSend Users:
                        http://products.swiftview.com/olhelp.html?id=ss&ctx=LOANDOCS/3.4&ref=

            For Licensed SwiftView Users:
                        http://www.swiftview.com/dload/dlmain.htm?licensed=query

Severity Rating

eLynx categorizes this as a critical issue and recommends that users upgrade to version 8.3.5.

Acknowledgements

eLynx would like to thank Will Dormann of CERT® for working with eLynx to help ensure the security of our products and the security of our customers.

Revision History

October 02, 2007 – Original Release of SBSV-07-10-02

eLynx Disclaimer

EXCEPT FOR THE EXPRESS WARRANTY SET FORTH IN THE SWIFTVIEW OR SWIFTSEND SERVICE OR LICENSE AGREEMENT, COMPANY GRANTS NO WARRANTIES, EITHER EXPRESS OR IMPLIED, WITH REGARD TO ANY PROGRAMS OR PRODUCTS, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND THE STATED EXPRESS WARRANTY IS IN LIEU OF ALL LIABILITIES OR OBLIGATIONS OF COMPANY FOR DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE DELIVERY, USE OR PERFORMANCE OF PROGRAMS. IN NO EVENT SHALL COMPANY BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES.