CVE-2005-2619

Autonomy KeyView SDK <9.2.0 - Path Traversal

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.

References (11)

Core 11
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0500
Patch vdb-entry x_refsource_osvdb
http://www.osvdb.org/23066
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/424717/100/0/threaded
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015657
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16576
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24637
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16100
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16280

Scores

EPSS 0.0329
EPSS Percentile 87.0%

Details

CWE
CWE-22
Status published
Products (14)
autonomy/keyview_export_sdk
autonomy/keyview_filter_sdk
autonomy/keyview_viewer_sdk
ibm/lotus_notes 6.0.1
ibm/lotus_notes 6.0.2
ibm/lotus_notes 6.0.3
ibm/lotus_notes 6.0.4
ibm/lotus_notes 6.0.5
ibm/lotus_notes 6.5
ibm/lotus_notes 6.5.1
... and 4 more
Published Dec 31, 2005
Tracked Since Feb 18, 2026