Directory Traversal Vulnerability in Autonomy KeyView SDK Used in Lotus Notes
CVE-2005-2619

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes; Keyview Viewer Sdk; Keyview Export Sdk; Keyview Filter Sdk
Vendor: CVE Published:; 31 December 2005

Summary

A directory traversal vulnerability exists in the kvarcve.dll component of Autonomy's KeyView SDK, prior to version 9.2.0. This flaw affects Lotus Notes versions 6.5.4 and 7.0 by allowing remote attackers to manipulate file paths in ZIP, UUE, or TAR archives. By including directory traversal sequences (..), attackers can potentially delete arbitrary files when generating document previews, posing a significant threat to data integrity.

References

http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2006/0500

vdb-entryx_refsource_VUPEN

http://www.osvdb.org/23066

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Dec 31, 2005
Vulnerability Reserved
Aug 17, 2005