OSVDB ID: 23064

Title: Verity KeyView Viewer SDK kvarcve.dll Compressed File Pathname Generation Overflow

Info

Disclosure
Feb 10, 2006

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 A remote overflow exists in Verity KeyView Viewer SDK. 'kvarcve.dll' fails to perform bounds checking when constructing the full pathname of a compressed file before extracting it from a ZIP archive, resulting in a stack based overflow. With a specially crafted ZIP archive, an attacker can cause arbitrary code execution when a compressed file with a long filename is extracted from within an application using the vulnerable viewer, resulting in a loss of integrity.

Classification

 Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown

Solution

 Upgrade to version 8.2, 9.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Autonomy

Verity KeyView Viewer SDK

 7.0a
7.4

International Business Machines Corporation

Lotus Notes

 6.5.3
6.0.4
6.0
6.0.1
6.0.1.1
6.0.1.2
6.0.1.3
6.0.2.1
6.0.2.2
6.0.3
6.0.5
6.5
6.5.1
6.5.2
6.5.2.1
6.5.3.1
7.0

References

Credit
  • Tan Chew Keong - vulnsecunia.com - Secunia Research


Direct URL: http://osvdb.org/23064