CVE-2005-2618

Published: Dec 31, 2005Modified: Apr 16, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a compressed ZIP file with a long filename handled by kvarcve.dll, (3) a TAR archive with a long filename that is extracted to a directory with a long path handled by the TAR reader (tarrdr.dll), (4) an email that contains a long HTTP, FTP, or // link handled by the HTML speed reader (htmsr.dll) or (5) an email containing a crafted long link handled by the HTML speed reader (htmsr.dll).

Affected (14)

Products: Autonomy: Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk · Ibm: Lotus Notes

3 products

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Autonomy Keyview Export Sdk	All versions
Autonomy Keyview Filter Sdk	All versions
Autonomy Keyview Viewer Sdk	All versions
Ibm Lotus Notes	Version 6.0.1
Ibm Lotus Notes	Version 6.0.2
Ibm Lotus Notes	Version 6.0.3
Ibm Lotus Notes	Version 6.0.4
Ibm Lotus Notes	Version 6.0.5
Ibm Lotus Notes	Version 6.5.1
Ibm Lotus Notes	Version 6.5.2
Ibm Lotus Notes	Version 6.5.3
Ibm Lotus Notes	Version 6.5.4
Ibm Lotus Notes	Version 6.5
Ibm Lotus Notes	Version 7.0

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (52)

http://secunia.com/advisories/16100

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/16280

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/secunia_research/2005-32/advisory/

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/secunia_research/2005-34/advisory/

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/secunia_research/2005-36/advisory/

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/secunia_research/2005-37/advisory/

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/secunia_research/2005-66/advisory/

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1015657

Source: cve@mitre.org

Patch

http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918

Source: cve@mitre.org

Patch

http://www.kb.cert.org/vuls/id/884076

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.osvdb.org/23064

Source: cve@mitre.org

Patch

http://www.osvdb.org/23065

Source: cve@mitre.org

Patch

http://www.osvdb.org/23066

Source: cve@mitre.org

Patch

http://www.osvdb.org/23067

Source: cve@mitre.org

Patch

http://www.osvdb.org/23068

Source: cve@mitre.org

Patch

http://www.securityfocus.com/archive/1/424626/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/424666/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/424689/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/424692/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/16576

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/0500

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/0501

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/24635

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/24636

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/24638

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/24639

Source: cve@mitre.org

http://secunia.com/advisories/16100