CVE-2005-2619 Information
Description
Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0 as used in Lotus Notes 6.5.4 and 7.0 allows remote attackers to delete arbitrary files via a (1) ZIP (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename which is not properly handled when generating a preview.
Reference
http://secunia.com/advisories/16100 http://secunia.com/advisories/16280 http://secunia.com/secunia_research/2005-30/advisory/ http://secunia.com/secunia_research/2005-66/advisory/ http://securitytracker.com/id?1015657 http://www.osvdb.org/23066 http://www.securityfocus.com/archive/1/424717/100/0/threaded http://www.securityfocus.com/bid/16576 http://www.vupen.com/english/advisories/2006/0500 http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918 https://exchange.xforce.ibmcloud.com/vulnerabilities/24637
Share on: