CVE-2005-2618

Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a compressed ZIP file with a long filename handled by kvarcve.dll, (3) a TAR archive with a long filename that is extracted to a directory with a long path handled by the TAR reader (tarrdr.dll), (4) an email that contains a long HTTP, FTP, or // link handled by the HTML speed reader (htmsr.dll) or (5) an email containing a crafted long link handled by the HTML speed reader (htmsr.dll).

Published: 2005-12-31 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2005-2618 is rated High Risk (66.3/100): CVSS Critical severity, with high exploitation likelihood (EPSS 49.61%, 98th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2005-2618

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-30 55.26% 49.61% -5.66%
2 2025-03-29 49.61% 55.26% +5.66%
3 2025-03-23 49.61%

Full EPSS history (9 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2005-2618

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
9.3 2.0 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 8.6 10.0 [email protected]

Weakness enumeration for CVE-2005-2618

Affected software / configurations for CVE-2005-2618

Vendor Product Version Raw CPE
autonomy keyview_export_sdk cpe:2.3:a:autonomy:keyview_export_sdk:*:*:*:*:*:*:*:*
autonomy keyview_filter_sdk cpe:2.3:a:autonomy:keyview_filter_sdk:*:*:*:*:*:*:*:*
autonomy keyview_viewer_sdk cpe:2.3:a:autonomy:keyview_viewer_sdk:*:*:*:*:*:*:*:*
ibm lotus_notes 6.0.1 cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*
ibm lotus_notes 6.0.2 cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*
ibm lotus_notes 6.0.3 cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*
ibm lotus_notes 6.0.4 cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*
ibm lotus_notes 6.0.5 cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*
ibm lotus_notes 6.5 cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
ibm lotus_notes 6.5.1 cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*
ibm lotus_notes 6.5.2 cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*
ibm lotus_notes 6.5.3 cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*
ibm lotus_notes 6.5.4 cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*
ibm lotus_notes 7.0 cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*

References for CVE-2005-2618

URL Tags
http://secunia.com/advisories/16100 Patch Vendor Advisory
http://secunia.com/advisories/16280 Patch Vendor Advisory
http://secunia.com/secunia_research/2005-32/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2005-34/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2005-36/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2005-37/advisory/ Vendor Advisory
http://secunia.com/secunia_research/2005-66/advisory/ Vendor Advisory
http://securitytracker.com/id?1015657 Patch
http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918 Patch
http://www.kb.cert.org/vuls/id/884076 Third Party Advisory US Government Resource
http://www.osvdb.org/23064 Patch
http://www.osvdb.org/23065 Patch
http://www.osvdb.org/23066 Patch
http://www.osvdb.org/23067 Patch
http://www.osvdb.org/23068 Patch
http://www.securityfocus.com/archive/1/424626/100/0/threaded
http://www.securityfocus.com/archive/1/424666/100/0/threaded
http://www.securityfocus.com/archive/1/424689/100/0/threaded
http://www.securityfocus.com/archive/1/424692/100/0/threaded
http://www.securityfocus.com/bid/16576
http://www.vupen.com/english/advisories/2006/0500
http://www.vupen.com/english/advisories/2006/0501 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24635
https://exchange.xforce.ibmcloud.com/vulnerabilities/24636
https://exchange.xforce.ibmcloud.com/vulnerabilities/24638
https://exchange.xforce.ibmcloud.com/vulnerabilities/24639
cvelogic Threat Intelligence