CVE-2008-1101

Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/28140	Vendor Advisory
http://secunia.com/advisories/28209	Vendor Advisory
http://secunia.com/advisories/28210	Vendor Advisory
http://secunia.com/secunia_research/2008-12/advisory/	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
http://www.securityfocus.com/archive/1/490826/100/0/threaded
http://www.securityfocus.com/bid/28454
http://www.vupen.com/english/advisories/2008/1153
http://www.vupen.com/english/advisories/2008/1156
https://exchange.xforce.ibmcloud.com/vulnerabilities/41725

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:autonomy:keyview:2.0.0.2:::::::*
	cpe:2.3:a:autonomy:keyview:10.3.0.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:6.5:::::::*
	cpe:2.3:a:ibm:lotus_notes:7.0:::::::*
	cpe:2.3:a:ibm:lotus_notes:7.0.2:::::::*
	cpe:2.3:a:ibm:lotus_notes:7.0.3:::::::*

History

No history.

Information

Published : 2008-04-10 18:05

Updated : 2023-12-10 10:51

NVD link : CVE-2008-1101

Mitre link : CVE-2008-1101

CVE.ORG link : CVE-2008-1101

JSON object : View

Products Affected

autonomy

keyview

ibm

lotus_notes

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2008-1101", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-04-10T18:05:00.000", "references": [{"url": "http://secunia.com/advisories/28140", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/28209", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/28210", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/secunia_research/2008-12/advisory/", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/archive/1/490826/100/0/threaded", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/bid/28454", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.vupen.com/english/advisories/2008/1153", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.vupen.com/english/advisories/2008/1156", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41725", "source": "PSIRT-CNA@flexerasoftware.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el motor del visor de documentos KeyView de Autonomy (anteriormente Verity) KeyView, usado por IBM Lotus Notes 7.0.2 y 7.0.3, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un nombre de ruta largo, como se ha demostrado usando un atributo SRC largo en una etiqueta IMG de un documento HTML."}], "lastModified": "2018-10-11T20:29:29.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:autonomy:keyview:2.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6634684-2416-4A5C-A5C7-B1E946B33419"}, {"criteria": "cpe:2.3:a:autonomy:keyview:10.3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "589D3BC2-ED1F-4C5B-8F94-67AE1909580D"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E234AD1-7202-421E-82C8-880E84876021"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3449A490-865A-4262-8482-429DEF455644"}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F01C5CFC-7FB8-4D29-95AC-8EF59B0C170D"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}