CVE-2008-1101

Autonomy (formerly Verity) KeyView - Buffer Overflow

Title source: llm
STIX 2.1

Description

Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document.

References (10)

Core 10
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28140
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28209
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41725
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1156
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28454
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28210
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490826/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1153

Scores

EPSS 0.0553
EPSS Percentile 91.9%

Details

CWE
CWE-119
Status published
Products (7)
autonomy/keyview 2.0.0.2
autonomy/keyview 10.3.0.0
ibm/lotus_notes 6.0
ibm/lotus_notes 6.5
ibm/lotus_notes 7.0
ibm/lotus_notes 7.0.2
ibm/lotus_notes 7.0.3
Published Apr 10, 2008
Tracked Since Feb 18, 2026