CVE-2005-2619

Sažetak

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.

Reference

http://secunia.com/advisories/16100
http://secunia.com/advisories/16280
http://secunia.com/secunia_research/2005-30/advisory/
http://secunia.com/secunia_research/2005-66/advisory/
http://securitytracker.com/id?1015657
http://www.osvdb.org/23066
http://www.securityfocus.com/archive/1/424717/100/0/threaded
http://www.securityfocus.com/bid/16576
http://www.vupen.com/english/advisories/2006/0500
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918
https://exchange.xforce.ibmcloud.com/vulnerabilities/24637

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-10-2018 - 15:33

Objavljeno

31-12-2005 - 05:00