PT-2005-3508 · Autonomy+1 · Autonomy Keyview Sdk+1

Published 2005-12-31 · Updated 2018-10-19 · CVE-2005-2618

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Autonomy KeyView SDK versions prior to 9.2.0
Lotus Notes versions 6.5.4 and 7.0

Description

The issue allows remote attackers to execute arbitrary code via multiple stack-based buffer overflows. This can be achieved through various means, including a UUE file with a long filename handled by uudrdr.dll, a compressed ZIP file with a long filename handled by kvarcve.dll, a TAR archive with a long filename extracted to a directory with a long path handled by tarrdr.dll, an email with a long HTTP, FTP, or // link handled by the HTML speed reader htmsr.dll, or an email containing a crafted long link handled by htmsr.dll.

Recommendations

For Autonomy KeyView SDK versions prior to 9.2.0, update to version 9.2.0 or later. For Lotus Notes versions 6.5.4 and 7.0, consider disabling the use of uudrdr.dll, kvarcve.dll, tarrdr.dll, and htmsr.dll until a patch is available. Restrict access to emails with long links and compressed files to minimize the risk of exploitation.

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2005-2618

Affected Products

Autonomy Keyview Sdk
Lotus Notes