ID CVE-2008-5698
Summary HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:o:kde:kde:3.5.9
    cpe:2.3:o:kde:kde:3.5.9
  • cpe:2.3:o:kde:kde:3.5.10
    cpe:2.3:o:kde:kde:3.5.10
  • cpe:2.3:a:kde:konqueror
    cpe:2.3:a:kde:konqueror
CVSS
Base: 4.3 (as of 22-12-2008 - 14:42)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description Konqueror 3.5.9 (load) Remote Crash Vulnerability. CVE-2008-5698. Dos exploit for linux platform
file exploits/linux/dos/6718.html
id EDB-ID:6718
last seen 2016-02-01
modified 2008-10-10
platform linux
port
published 2008-10-10
reporter Jeremy Brown
source https://www.exploit-db.com/download/6718/
title Konqueror 3.5.9 load Remote Crash Vulnerability
type dos
refmap via4
bid 31696
exploit-db 6718
secunia 32208
sreason 4796
vupen ADV-2008-2915
xf konqueror-load-dos(45804)
statements via4
contributor Joshua Bressers
lastmodified 2009-01-19
organization Red Hat
statement Red Hat does not consider a crash of a client application such as Konqueror to be a security issue.
Last major update 09-05-2009 - 01:26
Published 22-12-2008 - 10:30
Last modified 28-09-2017 - 21:32
Back to Top