CVE-2008-1101: Buffer Overflow
First published: Thu Apr 10 2008(Updated: )
Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Lotus Notes | =6.0 | |
| Autonomy KeyView | =10.3.0.0 | |
| Autonomy KeyView | =2.0.0.2 | |
| IBM Lotus Notes | =7.0 | |
| IBM Lotus Notes | =7.0.3 | |
| IBM Lotus Notes | =6.5 | |
| IBM Lotus Notes | =7.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/secunia_research/2008-12/advisory/
- http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
- http://www.securityfocus.com/bid/28454
- http://secunia.com/advisories/28140
- http://secunia.com/advisories/28209
- http://secunia.com/advisories/28210
- http://www.vupen.com/english/advisories/2008/1153
- http://www.vupen.com/english/advisories/2008/1156
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41725
- http://www.securityfocus.com/archive/1/490826/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm lotus notes
- version/ibm lotus notes/6.0
- vendor/autonomy
- canonical/autonomy keyview
- version/autonomy keyview/10.3.0.0
- version/autonomy keyview/2.0.0.2
- version/ibm lotus notes/7.0
- version/ibm lotus notes/7.0.3
- version/ibm lotus notes/6.5
- version/ibm lotus notes/7.0.2