Lucene search

[email protected]NVD:CVE-2008-1101

HistoryApr 10, 2008 - 6:05 p.m.

CVE-2008-1101

2008-04-1018:05:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.514

Percentile

97.6%

JSON

Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document.

Affected configurations

Nvd

Node

autonomykeyviewMatch2.0.0.2

autonomykeyviewMatch10.3.0.0

ibmlotus_notesMatch6.0

ibmlotus_notesMatch6.5

ibmlotus_notesMatch7.0

ibmlotus_notesMatch7.0.2

ibmlotus_notesMatch7.0.3

VendorProductVersionCPE
autonomykeyview2.0.0.2cpe:2.3:a:autonomy:keyview:2.0.0.2:*:*:*:*:*:*:*
autonomykeyview10.3.0.0cpe:2.3:a:autonomy:keyview:10.3.0.0:*:*:*:*:*:*:*
ibmlotus_notes6.0cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*
ibmlotus_notes6.5cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
ibmlotus_notes7.0cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
ibmlotus_notes7.0.2cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*
ibmlotus_notes7.0.3cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
autonomy	keyview	2.0.0.2	cpe:2.3:a:autonomy:keyview:2.0.0.2:::::::*
autonomy	keyview	10.3.0.0	cpe:2.3:a:autonomy:keyview:10.3.0.0:::::::*
ibm	lotus_notes	6.0	cpe:2.3:a:ibm:lotus_notes:6.0:::::::*
ibm	lotus_notes	6.5	cpe:2.3:a:ibm:lotus_notes:6.5:::::::*
ibm	lotus_notes	7.0	cpe:2.3:a:ibm:lotus_notes:7.0:::::::*
ibm	lotus_notes	7.0.2	cpe:2.3:a:ibm:lotus_notes:7.0.2:::::::*
ibm	lotus_notes	7.0.3	cpe:2.3:a:ibm:lotus_notes:7.0.3:::::::*

References

secunia.com/advisories/28140

secunia.com/advisories/28209

secunia.com/advisories/28210

secunia.com/secunia_research/2008-12/advisory/

www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453

www.securityfocus.com/archive/1/490826/100/0/threaded

www.securityfocus.com/bid/28454

www.vupen.com/english/advisories/2008/1153

www.vupen.com/english/advisories/2008/1156

exchange.xforce.ibmcloud.com/vulnerabilities/41725

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.514

Percentile

97.6%

JSON

Related for NVD:CVE-2008-1101

prion1 securityvulns2 cvelist1 cve1 nessus2