Buffer Overflow in KeyView Document Viewing Engine Used by IBM Lotus Notes
CVE-2008-1101

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes; Keyview
Vendor: CVE Published:; 10 April 2008

Summary

A buffer overflow vulnerability exists in the kvdocve.dll component of the KeyView document viewing engine, which is utilized in IBM Lotus Notes versions 7.0.2 and 7.0.3. This flaw can be exploited by remote attackers to execute arbitrary code on the affected system. This is accomplished through the use of excessive pathname lengths, particularly demonstrated by the SRC attribute of an IMG tag within an HTML document. Proper safeguards and updates should be implemented to mitigate potential risks associated with this vulnerability.

References

http://secunia.com/advisories/28140

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/28209

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/41725

vdb-entryx_refsource_XF

EPSS Score

34% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 10, 2008
Vulnerability Reserved
Feb 29, 2008