CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
21.0%
Mitre CVE reports:
Format string vulnerability in main.cpp in kpopup
0.9.1-0.9.5pre2 allows local users to cause a denial of
service (segmentation fault) and possibly execute
arbitrary code via format string specifiers in command
line arguments.
misc.cpp in KPopup 0.9.1 trusts the PATH variable when
executing killall, which allows local users to elevate
their privileges by modifying the PATH variable to
reference a malicious killall program.
SecurityFocus credits “b0f” [email protected]