CVE-2008-1101

CWE-119Buffer Overflow3 documents3 sources
Severity
9.3CRITICAL
EPSS
23.5%
top 4.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Autonomy KeyviewIBM Lotus Notes
Timeline
PublishedApr 10
Latest updateMay 1

Description

Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDautonomy/keyview10.3.0.0, 2.0.0.2+1
NVDibm/lotus_notes5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-8g44-8fxc-9mj4: Buffer overflow in kvdocve2022-05-01
CVEList
CVE-2008-1101: Buffer overflow in kvdocve2008-04-10
CVE-2008-1101 (CRITICAL CVSS 9.3) | Buffer overflow in kvdocve.dll in t | cvebase.io