ID CVE-2003-0988
Summary Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
References
Vulnerable Configurations
  • cpe:2.3:o:kde:kde:3.1.0
    cpe:2.3:o:kde:kde:3.1.0
  • cpe:2.3:o:kde:kde:3.1.1
    cpe:2.3:o:kde:kde:3.1.1
  • cpe:2.3:o:kde:kde:3.1.2
    cpe:2.3:o:kde:kde:3.1.2
  • cpe:2.3:o:kde:kde:3.1.3
    cpe:2.3:o:kde:kde:3.1.3
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_KDEPIM_314_1.NASL
    description The following package needs to be updated: kdepim
    last seen 2016-09-26
    modified 2004-07-06
    plugin id 12557
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12557
    title FreeBSD : kdepim exploitable buffer overflow in VCF reader (84)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-003.NASL
    description A vulnerability was discovered in all versions of kdepim as distributed with KDE versions 3.1.0 through 3.1.4. This vulnerability allows for a carefully crafted .VCF file to potentially enable a local attacker to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. This can also be used by remote attackers if the victim enables previews for remote files; however this is disabled by default. The provided packages contain a patch from the KDE team to correct this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14103
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14103
    title Mandrake Linux Security Advisory : kdepim (MDKSA-2004:003)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-005.NASL
    description Updated kdepim packages are now available that fix a local buffer overflow vulnerability. The K Desktop Environment (KDE) is a graphical desktop for the X Window System. The KDE Personal Information Management (kdepim) suite helps you to organize your mail, tasks, appointments, and contacts. The KDE team found a buffer overflow in the file information reader of VCF files. An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0988 to this issue. Users of kdepim are advised to upgrade to these erratum packages which contain a backported security patch that corrects this issue.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 12447
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12447
    title RHEL 3 : kdepim (RHSA-2004:005)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_DA6F265B8F3D11D88B290020ED76EF5A.NASL
    description A buffer overflow is present in some versions of the KDE personal information manager (kdepim) which may be triggered when processing a specially crafted VCF file.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 36298
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36298
    title FreeBSD : kdepim exploitable buffer overflow in VCF reader (da6f265b-8f3d-11d8-8b29-0020ed76ef5a)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-133.NASL
    description The KDE team found a buffer overflow in the file information reader of VCF files. An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0988 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13708
    published 2004-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13708
    title Fedora Core 1 : kdepim-3.1.4-2 (2004-133)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200404-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-200404-02 (KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability) A buffer overflow may occur in KDE-PIM's VCF file reader when a maliciously crafted VCF file is opened by a user on a vulnerable system. Impact : A remote attacker may unauthorized access to a user's personal data or execute commands with the user's privileges. Workaround : A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 14467
    published 2004-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14467
    title GLSA-200404-02 : KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability
oval via4
  • accepted 2007-04-25T19:53:02.420-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    description Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
    family unix
    id oval:org.mitre.oval:def:858
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title Red Hat kdepim VCF File Information Reader BO
    version 34
  • accepted 2007-04-25T19:53:03.917-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Matt Busby
      organization The MITRE Corporation
    • name Thomas R. Jones
      organization Maitreya Security
    description Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
    family unix
    id oval:org.mitre.oval:def:865
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title Red Hat Enterprise 3 kdepim VCF File Information Reader BO
    version 33
redhat via4
advisories
  • rhsa
    id RHSA-2004:005
  • rhsa
    id RHSA-2004:006
refmap via4
bid 9419
bugtraq 20040114 KDE Security Advisory: VCF file information reader vulnerability
cert-vn VU#820798
conectiva CLA-2004:810
confirm http://www.kde.org/info/security/advisory-20040114-1.txt
gentoo GLSA-200404-02
mandrake MDKSA-2004:003
xf kde-kdepim-bo(14833)
Last major update 17-10-2016 - 22:38
Published 17-02-2004 - 00:00
Last modified 09-10-2017 - 21:30
Back to Top