Vulnerability Name: CVE-2008-1101 (CCN-41725)
Assigned: 2008-04-08
Published: 2008-04-08
Updated: 2018-10-11
Summary: Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
    Source: MITRE Type: CNA CVE-2008-1101
    Source: CCN Type: SA28140 activePDF DocConverter Multiple Parsing Vulnerabilities
    Source: SECUNIA Type: Vendor Advisory 28140
    Source: CCN Type: SA28209 Autonomy Keyview SDK Multiple Buffer Overflows
    Source: SECUNIA Type: Vendor Advisory 28209
    Source: CCN Type: SA28210 Lotus Notes Multiple Keyview Parsing Vulnerabilities
    Source: SECUNIA Type: Vendor Advisory 28210
    Source: CCN Type: Secunia Research 08/04/2008 Lotus Notes kvdocve.dll Path Processing Buffer Overflow
    Source: MISC Type: Vendor Advisory http://secunia.com/secunia_research/2008-12/advisory/
    Source: CCN Type: IBM Technote (FAQ) 1298453 Potential security vulnerabilities in Lotus Notes file viewers for Applix Presents, Folio Flat File, HTML speed reader, KeyView and MIME
    Source: CONFIRM Type: UNKNOWN http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
    Source: CCN Type: IBM Web site Lotus Notes
    Source: CCN Type: OSVDB ID: 44192 Autonomy Keyview Multiple Products kvdocve.dll Path Handling Overflow
    Source: BUGTRAQ Type: UNKNOWN 20080414 Secunia Research: Lotus Notes kvdocve.dll Path Processing BufferOverflow
    Source: BID Type: UNKNOWN 28454
    Source: CCN Type: BID-28454 Autonomy KeyView Module Multiple Buffer Overflow Vulnerabilities
    Source: VUPEN Type: UNKNOWN ADV-2008-1153
    Source: VUPEN Type: UNKNOWN ADV-2008-1156
    Source: XF Type: UNKNOWN autonomy-keyview-kvdocve-bo(41725)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable