Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2619

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2005-2619
Last Modified 07 Mar 2011 09:24:46
Published 31 Dec 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-2619

Summary

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.

Vulnerable Systems

Application

  • Autonomy Keyview Export Sdk

  • Autonomy Keyview Filter Sdk

  • Autonomy Keyview Viewer Sdk

  • Ibm Lotus Notes 6.0.1

  • Ibm Lotus Notes 6.0.2

  • Ibm Lotus Notes 6.0.3

  • Ibm Lotus Notes 6.0.4

  • Ibm Lotus Notes 6.0.5

  • Ibm Lotus Notes 6.5

  • Ibm Lotus Notes 6.5.1

  • Ibm Lotus Notes 6.5.2

  • Ibm Lotus Notes 6.5.3

  • Ibm Lotus Notes 6.5.4

  • Ibm Lotus Notes 7.0


References

OSVDB - 23066

CONFIRM - http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918

SECTRACK - 1015657

SECUNIA - 16280

SECUNIA - 16100

XF - lotus-kvarcve-directory-traversal(24637)

VUPEN - ADV-2006-0500

BID - 16576

BUGTRAQ - 20060210 Secunia Research: Lotus Notes Multiple Archive Handling DirectoryTraversal

MISC - http://secunia.com/secunia_research/2005-66/advisory/

MISC - http://secunia.com/secunia_research/2005-30/advisory/


Last Updated: 27 May 2016 10:40:34