Lucene search

[email protected]CVE-2012-3413

HistoryAug 07, 2012 - 8:55 p.m.

CVE-2012-3413

2012-08-0720:55:03

CWE-16

[email protected]

web.nvd.nist.gov

cve-2012-3413

htmlquotecolorer

kde pim

remote code injection

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.3%

JSON

The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.

Affected configurations

NVD

Node

kdekde_pimMatch4.6

kdekde_pimMatch4.8

CPENameOperatorVersion
kde:kde_pimkde kde pimeq4.6
kde:kde_pimkde kde pimeq4.8

CPE	Name	Operator	Version
kde:kde_pim	kde kde pim	eq	4.6
kde:kde_pim	kde kde pim	eq	4.8

References

lists.fedoraproject.org/pipermail/package-announce/2012-July/083946.html

lists.fedoraproject.org/pipermail/package-announce/2012-July/084262.html

secunia.com/advisories/50008

ubuntu.com/usn/usn-1512-1

www.openwall.com/lists/oss-security/2012/07/13/3

www.openwall.com/lists/oss-security/2012/07/13/4

www.openwall.com/lists/oss-security/2012/07/16/3

www.openwall.com/lists/oss-security/2012/07/17/11

projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.3%

JSON

Related for CVE-2012-3413

nessus3 ubuntu1 openvas4 prion1 cvelist1 debiancve1 fedora2 ubuntucve1 nvd1