Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK prior to 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote malicious users to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
autonomy keyview viewer sdk |
||
ibm lotus notes 6.0.1 |
||
ibm lotus notes 6.0.2 |
||
ibm lotus notes 6.5.3 |
||
ibm lotus notes 6.5.4 |
||
ibm lotus notes 6.0.5 |
||
ibm lotus notes 6.5 |
||
ibm lotus notes 6.0.3 |
||
ibm lotus notes 6.0.4 |
||
ibm lotus notes 7.0 |
||
autonomy keyview export sdk |
||
autonomy keyview filter sdk |
||
ibm lotus notes 6.5.1 |
||
ibm lotus notes 6.5.2 |