CVE-2005-2619

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.

Published: Dec 31, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2619
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
ibm / lotus_notes	6.5.2	6.5.2.x
autonomy / keyview_viewer_sdk	-	-
ibm / lotus_notes	6.0.1	6.0.1.x
ibm / lotus_notes	6.0.2	6.0.2.x
ibm / lotus_notes	7.0	7.0.x
autonomy / keyview_export_sdk	-	-
ibm / lotus_notes	6.0.4	6.0.4.x
ibm / lotus_notes	6.5.4	6.5.4.x
ibm / lotus_notes	6.5.1	6.5.1.x
ibm / lotus_notes	6.0.5	6.0.5.x
ibm / lotus_notes	6.5	6.5.x
ibm / lotus_notes	6.5.3	6.5.3.x
ibm / lotus_notes	6.0.3	6.0.3.x
autonomy / keyview_filter_sdk	-	-

Vulnerability Database

289,697

CVE-2005-2619