CVE-2005-2619

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes; Keyview Viewer Sdk; Keyview Export Sdk; Keyview Filter Sdk
Vendor: CVE Published:; 31 December 2005

Summary

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.

References

http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2006/0500

vdb-entryx_refsource_VUPEN

http://www.osvdb.org/23066

vdb-entryx_refsource_OSVDB

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 31, 2005
Vulnerability Reserved
Aug 17, 2005