Autonomy KeyView contains an overflow condition in kvarcve.dll. The issue is triggered as user-supplied input is not properly validated when parsing ZIP files. With a specially crafted file, a remote or context-dependent attacker can cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

• OVAL ID: 14238
• CVE ID: 2011-1218 (see also: NVD)
• Secunia Advisory ID: 44273 44624 44736
• Bugtraq ID: 47962
• ISS X-Force ID: 67625
• Related OSVDB ID: 72705 72706 72707 72708 72709 72710
• Vendor Specific News/Changelog Entry: http://www.ibm.com/support/docview.wss?uid=swg21500034
  http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20111006_00

• iDefense Labs - iDefense Labs