Vulnerability Description
Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Autonomy | Keyview | 2.0.0.2 |
| Ibm | Lotus Notes | 6.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28140Vendor Advisory
- http://secunia.com/advisories/28209Vendor Advisory
- http://secunia.com/advisories/28210Vendor Advisory
- http://secunia.com/secunia_research/2008-12/advisory/Vendor Advisory
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
- http://www.securityfocus.com/archive/1/490826/100/0/threaded
- http://www.securityfocus.com/bid/28454
- http://www.vupen.com/english/advisories/2008/1153
- http://www.vupen.com/english/advisories/2008/1156
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41725
- http://secunia.com/advisories/28140Vendor Advisory
- http://secunia.com/advisories/28209Vendor Advisory
- http://secunia.com/advisories/28210Vendor Advisory
- http://secunia.com/secunia_research/2008-12/advisory/Vendor Advisory
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
FAQ
What is CVE-2008-1101?
CVE-2008-1101 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary co...
How severe is CVE-2008-1101?
CVE-2008-1101 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1101?
Check the references section above for vendor advisories and patch information. Affected products include: Autonomy Keyview, Ibm Lotus Notes.