CVE - CVE-2005-2618

CVE-ID
CVE-2005-2618	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a compressed ZIP file with a long filename handled by kvarcve.dll, (3) a TAR archive with a long filename that is extracted to a directory with a long path handled by the TAR reader (tarrdr.dll), (4) an email that contains a long HTTP, FTP, or // link handled by the HTML speed reader (htmsr.dll) or (5) an email containing a crafted long link handled by the HTML speed reader (htmsr.dll).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:16576 URL:http://www.securityfocus.com/bid/16576 BUGTRAQ:20060210 Secunia Research: Lotus Notes HTML Speed Reader Link BufferOverflows URL:http://www.securityfocus.com/archive/1/424692/100/0/threaded BUGTRAQ:20060210 Secunia Research: Lotus Notes TAR Reader File Extraction BufferOverflow URL:http://www.securityfocus.com/archive/1/424666/100/0/threaded BUGTRAQ:20060210 Secunia Research: Lotus Notes UUE File Handling Buffer Overflow URL:http://www.securityfocus.com/archive/1/424689/100/0/threaded BUGTRAQ:20060210 Secunia Research: Lotus Notes ZIP File Handling Buffer Overflow URL:http://www.securityfocus.com/archive/1/424626/100/0/threaded CERT-VN:VU#884076 URL:http://www.kb.cert.org/vuls/id/884076 CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918 MISC:http://secunia.com/secunia_research/2005-32/advisory/ MISC:http://secunia.com/secunia_research/2005-34/advisory/ MISC:http://secunia.com/secunia_research/2005-36/advisory/ MISC:http://secunia.com/secunia_research/2005-37/advisory/ MISC:http://secunia.com/secunia_research/2005-66/advisory/ OSVDB:23064 URL:~~http://www.osvdb.org/23064~~ (Obsolete source) OSVDB:23065 URL:~~http://www.osvdb.org/23065~~ (Obsolete source) OSVDB:23066 URL:~~http://www.osvdb.org/23066~~ (Obsolete source) OSVDB:23067 URL:~~http://www.osvdb.org/23067~~ (Obsolete source) OSVDB:23068 URL:~~http://www.osvdb.org/23068~~ (Obsolete source) SECTRACK:1015657 URL:http://securitytracker.com/id?1015657 SECUNIA:16100 URL:http://secunia.com/advisories/16100 SECUNIA:16280 URL:http://secunia.com/advisories/16280 VUPEN:ADV-2006-0500 URL:~~http://www.vupen.com/english/advisories/2006/0500~~ (Obsolete source) VUPEN:ADV-2006-0501 URL:~~http://www.vupen.com/english/advisories/2006/0501~~ (Obsolete source) XF:lotus-htmsr-link-bo(24639) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24639 XF:lotus-kvarcve-filename-bo(24635) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24635 XF:lotus-tarrdr-filename-bo(24638) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24638 XF:lotus-uudrdr-uue-bo(24636) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24636
Assigning CNA
MITRE Corporation
Date Record Created
20050817	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050817)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)