7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.028 Low
EPSS
Percentile
90.5%
KDE Personal Information Management suite “kdepim” contains a buffer overflow vulnerability. Exploitation of this vulnerability could lead to the arbitrary execution of commands.
KDE Personal Information Management suite shipped with KDE versions 3.1.0 through 3.1.4 contains a buffer overflow vulnerability in the processing of VCF files.
If an attacker can trick a victim into opening a specially crafted .VCF file, the attacker may be able to gain information about a victim’s data or execute arbitrary commands
with the victim’s privileges. This vulnerability may also be remotely exploited if the victim has previews for remote files enabled, however this feature is disabled by default.
An attacker may be able to gain information about a victim’s data or execute arbitrary commands with the victim’s privileges.
Upgrade to KDE version 3.1.5 or apply the patch to version 3.1.4.
820798
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: January 27, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000810
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23820798 Feedback>).
Updated: January 27, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://www.kde.org/info/security/advisory-20040114-1.txt>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23820798 Feedback>).
Updated: January 27, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:003>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23820798 Feedback>).
Updated: January 27, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <https://rhn.redhat.com/errata/RHSA-2004-006.html>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23820798 Feedback>).
Updated: January 27, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.442811
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23820798 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was discovered by Dirk Mueller of KDE and reported in their advisory.
This document was written by Stacey Stewart.
CVE IDs: | CVE-2003-0988 |
---|---|
Severity Metric: | 8.10 Date Public: |