Lucene search

UbuntuUSN-245-1

HistoryJan 20, 2006 - 12:00 a.m.

KDE library vulnerability

2006-01-2000:00:00

ubuntu.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.173 Low

EPSS

Percentile

96.1%

JSON

Releases

Ubuntu 5.10
Ubuntu 5.04

Details

Maksim Orlovich discovered that kjs, the Javascript interpreter engine
used by Konqueror and other parts of KDE, did not sufficiently verify
the validity of UTF-8 encoded URIs. Specially crafted URIs could
trigger a buffer overflow. By tricking an user into visiting a
web site with malicious JavaScript code, a remote attacker could
exploit this to execute arbitrary code with user privileges.

OSVersionArchitecturePackageVersionFilename
Ubuntu5.10noarchkdelibs4c2< *UNKNOWN
Ubuntu5.04noarchkdelibs4c2< *UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	5.10	noarch	kdelibs4c2	< *	UNKNOWN
Ubuntu	5.04	noarch	kdelibs4c2	< *	UNKNOWN

References

ubuntu.com/security/CVE-2006-0019

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.173 Low

EPSS

Percentile

96.1%

JSON

Related for USN-245-1