Vulnerability Name: | CVE-2005-2618 (CCN-24635) | ||||||||
Assigned: | 2005-12-31 | ||||||||
Published: | 2005-12-31 | ||||||||
Updated: | 2018-10-19 | ||||||||
Summary: | Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a compressed ZIP file with a long filename handled by kvarcve.dll, (3) a TAR archive with a long filename that is extracted to a directory with a long path handled by the TAR reader (tarrdr.dll), (4) an email that contains a long HTTP, FTP, or // link handled by the HTML speed reader (htmsr.dll) or (5) an email containing a crafted long link handled by the HTML speed reader (htmsr.dll). | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-119 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2005-2618 Source: CCN Type: SA16100 Verity KeyView SDK Multiple Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory 16100 Source: CCN Type: SA16280 IBM Lotus Notes Multiple Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory 16280 Source: MISC Type: Vendor Advisory http://secunia.com/secunia_research/2005-32/advisory/ Source: MISC Type: Vendor Advisory http://secunia.com/secunia_research/2005-34/advisory/ Source: MISC Type: Vendor Advisory http://secunia.com/secunia_research/2005-36/advisory/ Source: MISC Type: Vendor Advisory http://secunia.com/secunia_research/2005-37/advisory/ Source: MISC Type: Vendor Advisory http://secunia.com/secunia_research/2005-66/advisory/ Source: CCN Type: SECTRACK ID: 1015657 IBM Lotus Domino/Notes Archive Processing Buffer Overflow and Directory Traversal Bugs Let Remote Users Execute Arbitrary Code and Delete Files Source: SECTRACK Type: Patch 1015657 Source: CCN Type: Lotus Support Services Technote 1229918 Potential Buffer Overflow and Directory Traversal Vulnerabilities in Lotus Notes File Viewers Source: CONFIRM Type: Patch http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918 Source: CCN Type: IBM Software Support Web site Lotus Support Source: CCN Type: US-CERT VU#884076 IBM Lotus Notes ZIP file handling buffer overflow Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#884076 Source: OSVDB Type: Patch 23064 Source: OSVDB Type: Patch 23065 Source: OSVDB Type: Patch 23066 Source: OSVDB Type: Patch 23067 Source: OSVDB Type: Patch 23068 Source: CCN Type: OSVDB ID: 23064 Verity KeyView Viewer SDK kvarcve.dll Compressed File Pathname Generation Overflow Source: CCN Type: OSVDB ID: 23065 Verity KeyView Viewer SDK uudrdr.dll UUE Filename Overflow Source: CCN Type: OSVDB ID: 23066 Verity KeyView Viewer SDK kvarcve.dll Compressed File Preview Traversal Arbitrary File Deletion Source: CCN Type: OSVDB ID: 23067 Verity KeyView Viewer SDK tarrdr.dll TAR Extraction Overflow Source: CCN Type: OSVDB ID: 23068 Verity KeyView Viewer SDK htmsr.dll Link Processing Overflow Source: BUGTRAQ Type: UNKNOWN 20060210 Secunia Research: Lotus Notes ZIP File Handling Buffer Overflow Source: BUGTRAQ Type: UNKNOWN 20060210 Secunia Research: Lotus Notes TAR Reader File Extraction Buffer Overflow Source: BUGTRAQ Type: UNKNOWN 20060210 Secunia Research: Lotus Notes UUE File Handling Buffer Overflow Source: BUGTRAQ Type: UNKNOWN 20060210 Secunia Research: Lotus Notes HTML Speed Reader Link Buffer Overflows Source: BID Type: UNKNOWN 16576 Source: CCN Type: BID-16576 IBM Lotus Notes File Attachment Handling Multiple Remote Vulnerabilities Source: CCN Type: Verity Web site Verity Products - Keyview Source: VUPEN Type: UNKNOWN ADV-2006-0500 Source: VUPEN Type: Vendor Advisory ADV-2006-0501 Source: XF Type: UNKNOWN lotus-kvarcve-filename-bo(24635) Source: XF Type: UNKNOWN lotus-uudrdr-uue-bo(24636) Source: XF Type: UNKNOWN lotus-tarrdr-filename-bo(24638) Source: XF Type: UNKNOWN lotus-htmsr-link-bo(24639) | ||||||||
Vulnerability Name: | CVE-2005-2618 (CCN-24636) | ||||||||
Assigned: | 2005-08-17 | ||||||||
Published: | 2006-02-10 | ||||||||
Updated: | 2006-02-10 | ||||||||
Summary: | IBM Lotus Notes is vulnerable to a stack-based buffer overflow in uudrdr.dll. By creating a malicious UUE file containing an encoded file with an overly long file name, a remote attacker could overflow a buffer and execute arbitrary code on the system once the file is opened from within the Notes attachment viewer.
Note: This vulnerability also affects Verity KeyView SDK. | ||||||||
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2005-2618 Source: CCN Type: SA16100 Verity KeyView SDK Multiple Vulnerabilities Source: CCN Type: SA16280 IBM Lotus Notes Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1015657 IBM Lotus Domino/Notes Archive Processing Buffer Overflow and Directory Traversal Bugs Let Remote Users Execute Arbitrary Code and Delete Files Source: CCN Type: Lotus Support Services Technote 1229918 Potential Buffer Overflow and Directory Traversal Vulnerabilities in Lotus Notes File Viewers Source: CCN Type: IBM Software Support Web site Lotus Support Source: CCN Type: US-CERT VU#884076 IBM Lotus Notes ZIP file handling buffer overflow Source: CCN Type: OSVDB ID: 23064 Verity KeyView Viewer SDK kvarcve.dll Compressed File Pathname Generation Overflow Source: CCN Type: OSVDB ID: 23065 Verity KeyView Viewer SDK uudrdr.dll UUE Filename Overflow Source: CCN Type: OSVDB ID: 23066 Verity KeyView Viewer SDK kvarcve.dll Compressed File Preview Traversal Arbitrary File Deletion Source: CCN Type: OSVDB ID: 23067 Verity KeyView Viewer SDK tarrdr.dll TAR Extraction Overflow Source: CCN Type: OSVDB ID: 23068 Verity KeyView Viewer SDK htmsr.dll Link Processing Overflow Source: CCN Type: BID-16576 IBM Lotus Notes File Attachment Handling Multiple Remote Vulnerabilities Source: CCN Type: Verity Web site Verity Products - Keyview Source: XF Type: UNKNOWN lotus-uudrdr-uue-bo(24636) | ||||||||
Vulnerability Name: | CVE-2005-2618 (CCN-24638) | ||||||||
Assigned: | 2005-08-17 | ||||||||
Published: | 2006-02-10 | ||||||||
Updated: | 2006-02-10 | ||||||||
Summary: | IBM Lotus Notes is vulnerable to a stack-based buffer overflow in tarrdr.dll. By creating a malicious TAR archive containing a compressed file with an overly long file name, a remote attacker could overflow a buffer and execute arbitrary code on the system once the file is extracted from within the Notes attachment viewer.
Note: This vulnerability also affects Verity KeyView SDK. | ||||||||
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2005-2618 Source: CCN Type: SA16100 Verity KeyView SDK Multiple Vulnerabilities Source: CCN Type: SA16280 IBM Lotus Notes Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1015657 IBM Lotus Domino/Notes Archive Processing Buffer Overflow and Directory Traversal Bugs Let Remote Users Execute Arbitrary Code and Delete Files Source: CCN Type: Lotus Support Services Technote 1229918 Potential Buffer Overflow and Directory Traversal Vulnerabilities in Lotus Notes File Viewers Source: CCN Type: IBM Software Support Web site Lotus Support Source: CCN Type: US-CERT VU#884076 IBM Lotus Notes ZIP file handling buffer overflow Source: CCN Type: OSVDB ID: 23064 Verity KeyView Viewer SDK kvarcve.dll Compressed File Pathname Generation Overflow Source: CCN Type: OSVDB ID: 23065 Verity KeyView Viewer SDK uudrdr.dll UUE Filename Overflow Source: CCN Type: OSVDB ID: 23066 Verity KeyView Viewer SDK kvarcve.dll Compressed File Preview Traversal Arbitrary File Deletion Source: CCN Type: OSVDB ID: 23067 Verity KeyView Viewer SDK tarrdr.dll TAR Extraction Overflow Source: CCN Type: OSVDB ID: 23068 Verity KeyView Viewer SDK htmsr.dll Link Processing Overflow Source: CCN Type: BID-16576 IBM Lotus Notes File Attachment Handling Multiple Remote Vulnerabilities Source: CCN Type: Verity Web site Verity Products - Keyview Source: XF Type: UNKNOWN lotus-tarrdr-filename-bo(24638) | ||||||||
Vulnerability Name: | CVE-2005-2618 (CCN-24639) | ||||||||
Assigned: | 2005-08-17 | ||||||||
Published: | 2006-02-10 | ||||||||
Updated: | 2006-02-10 | ||||||||
Summary: | IBM Lotus Notes is vulnerable to multiple stack-based buffer overflows in HTML speed reader (htmsr.dll). By sending a malicious email containing an overly long http://, ftp:// or // URL or an overly long link to a local file, a remote attacker could overflow a buffer and execute arbitrary code on the system once the victim clicks the vulnerable link.
Note: This vulnerability also affects Verity KeyView SDK. | ||||||||
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2005-2618 Source: CCN Type: SA16100 Verity KeyView SDK Multiple Vulnerabilities Source: CCN Type: SA16280 IBM Lotus Notes Multiple Vulnerabilities Source: CCN Type: SECTRACK ID: 1015657 IBM Lotus Domino/Notes Archive Processing Buffer Overflow and Directory Traversal Bugs Let Remote Users Execute Arbitrary Code and Delete Files Source: CCN Type: Lotus Support Services Technote 1229918 Potential Buffer Overflow and Directory Traversal Vulnerabilities in Lotus Notes File Viewers Source: CCN Type: IBM Software Support Web site Lotus Support Source: CCN Type: US-CERT VU#884076 IBM Lotus Notes ZIP file handling buffer overflow Source: CCN Type: OSVDB ID: 23064 Verity KeyView Viewer SDK kvarcve.dll Compressed File Pathname Generation Overflow Source: CCN Type: OSVDB ID: 23065 Verity KeyView Viewer SDK uudrdr.dll UUE Filename Overflow Source: CCN Type: OSVDB ID: 23066 Verity KeyView Viewer SDK kvarcve.dll Compressed File Preview Traversal Arbitrary File Deletion Source: CCN Type: OSVDB ID: 23067 Verity KeyView Viewer SDK tarrdr.dll TAR Extraction Overflow Source: CCN Type: OSVDB ID: 23068 Verity KeyView Viewer SDK htmsr.dll Link Processing Overflow Source: CCN Type: BID-16576 IBM Lotus Notes File Attachment Handling Multiple Remote Vulnerabilities Source: CCN Type: Verity Web site Verity Products - Keyview Source: XF Type: UNKNOWN lotus-htmsr-link-bo(24639) | ||||||||