Verity KeyView Viewer SDK kvarcve.dll Compressed File Preview Traversal Arbitrary File Deletion

2006-02-10T09:47:53
ID OSVDB:23066
Type osvdb
Reporter Carsten Eiram(), Tan Chew Keong(vuln@secunia.com)
Modified 2006-02-10T09:47:53

Description

Vulnerability Description

Verity KeyView Viewer SDK contains a flaw that allows a remote attacker to delete arbitrary files. The issue is due to 'kvarcve.dll' not properly checking the filenames of compressed files in ZIP, UUE, and TAR archives for traversal style attacks (../../) when generating their previews.

Solution Description

Upgrade to version 8.2, 9.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Verity KeyView Viewer SDK contains a flaw that allows a remote attacker to delete arbitrary files. The issue is due to 'kvarcve.dll' not properly checking the filenames of compressed files in ZIP, UUE, and TAR archives for traversal style attacks (../../) when generating their previews.

References:

Vendor URL: http://www.verity.com/products/oem/keyview/features/keyview_viewing_sdk.html Vendor URL: http://www.verity.com/products/oem_solutions/keyview/ Vendor Specific Advisory URL Security Tracker: 1015657 Secunia Advisory ID:16100 Secunia Advisory ID:16280 Related OSVDB ID: 23064 Related OSVDB ID: 23065 Related OSVDB ID: 23067 Related OSVDB ID: 23068 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0184.html FrSIRT Advisory: ADV-2006-0500 CVE-2005-2619