ID CVE-2008-5698
Summary HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:o:kde:kde:3.5.9:*:*:*:*:*:*:*
  • cpe:2.3:o:kde:kde:3.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:kde:konqueror:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 29-09-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 31696
exploit-db 6718
secunia 32208
sreason 4796
vupen ADV-2008-2915
xf konqueror-load-dos(45804)
statements via4
contributor Joshua Bressers
lastmodified 2009-01-19
organization Red Hat
statement Red Hat does not consider a crash of a client application such as Konqueror to be a security issue.
Last major update 29-09-2017 - 01:32
Published 22-12-2008 - 15:30