{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-08T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "28140", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28140"}, {"name": "28209", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28209"}, {"name": "autonomy-keyview-kvdocve-bo(41725)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41725"}, {"name": "ADV-2008-1156", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1156"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453"}, {"name": "28454", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28454"}, {"name": "28210", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28210"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2008-12/advisory/"}, {"name": "20080414 Secunia Research: Lotus Notes kvdocve.dll Path Processing BufferOverflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/490826/100/0/threaded"}, {"name": "ADV-2008-1153", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1153"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2008-1101", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28140", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28140"}, {"name": "28209", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28209"}, {"name": "autonomy-keyview-kvdocve-bo(41725)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41725"}, {"name": "ADV-2008-1156", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1156"}, {"name": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453"}, {"name": "28454", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28454"}, {"name": "28210", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28210"}, {"name": "http://secunia.com/secunia_research/2008-12/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2008-12/advisory/"}, {"name": "20080414 Secunia Research: Lotus Notes kvdocve.dll Path Processing BufferOverflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490826/100/0/threaded"}, {"name": "ADV-2008-1153", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1153"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:08:57.415Z"}, "title": "CVE Program Container", "references": [{"name": "28140", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28140"}, {"name": "28209", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28209"}, {"name": "autonomy-keyview-kvdocve-bo(41725)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41725"}, {"name": "ADV-2008-1156", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1156"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453"}, {"name": "28454", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28454"}, {"name": "28210", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28210"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2008-12/advisory/"}, {"name": "20080414 Secunia Research: Lotus Notes kvdocve.dll Path Processing BufferOverflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/490826/100/0/threaded"}, {"name": "ADV-2008-1153", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1153"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2008-1101", "datePublished": "2008-04-10T18:00:00", "dateReserved": "2008-02-29T00:00:00", "dateUpdated": "2024-08-07T08:08:57.415Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autonomy:keyview:2.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E6634684-2416-4A5C-A5C7-B1E946B33419", "vulnerable": true}, {"criteria": "cpe:2.3:a:autonomy:keyview:10.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "589D3BC2-ED1F-4C5B-8F94-67AE1909580D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E234AD1-7202-421E-82C8-880E84876021", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "68AEB13D-C7C6-426F-8484-85EFF7245DF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3449A490-865A-4262-8482-429DEF455644", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_notes:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F01C5CFC-7FB8-4D29-95AC-8EF59B0C170D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el motor del visor de documentos KeyView de Autonomy (anteriormente Verity) KeyView, usado por IBM Lotus Notes 7.0.2 y 7.0.3, permite a atacantes remotos  ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un nombre de ruta largo, como se ha demostrado usando un atributo SRC largo en una etiqueta IMG de un documento HTML."}], "id": "CVE-2008-1101", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-04-10T18:05:00.000", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28140"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28209"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28210"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2008-12/advisory/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/490826/100/0/threaded"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/28454"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2008/1153"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2008/1156"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41725"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28140"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28209"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2008-12/advisory/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/490826/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28454"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1153"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1156"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41725"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}