Vulnerability Description
Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Autonomy | KeyView Export SDK | All versions |
| Autonomy | KeyView Filter SDK | All versions |
| Autonomy | KeyView Viewer SDK | All versions |
| IBM | Lotus Notes | 6.0.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/16100 (Patch, Vendor Advisory)
- http://secunia.com/advisories/16280 (Patch, Vendor Advisory)
- http://secunia.com/secunia_research/2005-30/advisory/ (Vendor Advisory)
- http://secunia.com/secunia_research/2005-66/advisory/ (Vendor Advisory)
- http://securitytracker.com/id?1015657 (Patch)
- http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918 (Patch)
- http://www.osvdb.org/23066 (Patch)
- http://www.securityfocus.com/archive/1/424717/100/0/threaded
- http://www.securityfocus.com/bid/16576
- http://www.vupen.com/english/advisories/2006/0500
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24637
FAQ
What is CVE-2005-2619?
CVE-2005-2619 is a vulnerability with a CVSS score of 9.3 (HIGH). Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (...
How severe is CVE-2005-2619?
CVE-2005-2619 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-2619?
Check the references section above for vendor advisories and patch information. Affected products include: Autonomy KeyView Export SDK, Autonomy KeyView Filter SDK, Autonomy KeyView Viewer SDK, IBM Lotus Notes.