Ubuntu Security Notice 871-1: KDE vulnerability

44
Article Source Ubuntu Security Notices
December 10, 2009, 6:29 pm
 
A buffer overflow was found in the KDE libraries when converting a string to a floating point number. If a user or application linked against kdelibs were tricked into processing crafted input, an attacker could cause a denial of service (via application crash) or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0689) It was discovered that the KDE libraries could use KHTML to process an unknown MIME type. If a user or application linked against kdelibs were tricked into opening a crafted file, an attacker could potentially trigger XMLHTTPRequests to remote sites…
 
Read More¬â€