Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1158

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-1158
Last Modified 21 Aug 2010 12:21:57
Published 10 Jan 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1158

Summary

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

Vulnerable Systems

Operating System

  • Mandrakesoft Mandrake Linux 10.0

  • Mandrakesoft Mandrake Linux 10.1

  • Redhat Fedora Core Core 2.0

  • Redhat Fedora Core Core 3.0

Application

  • Kde Konqueror 2.1.1

  • Kde Konqueror 2.1.2

  • Kde Konqueror 2.2.1

  • Kde Konqueror 2.2.2

  • Kde Konqueror 3.0

  • Kde Konqueror 3.0.1

  • Kde Konqueror 3.0.2

  • Kde Konqueror 3.0.3

  • Kde Konqueror 3.0.5

  • Kde Konqueror 3.0.5b

  • Kde Konqueror 3.1

  • Kde Konqueror 3.1.1

  • Kde Konqueror 3.1.2

  • Kde Konqueror 3.1.3

  • Kde Konqueror 3.1.4

  • Kde Konqueror 3.1.5

  • Kde Konqueror 3.2.1

  • Kde Konqueror 3.2.2.6

  • Kde Konqueror 3.2.3

  • Kde Konqueror 3.3

  • Kde Konqueror 3.3.1

  • Kde Konqueror 3.3.2


References

BID - 11853

BUGTRAQ - 20041213 KDE Security Advisory: Konqueror Window Injection Vulnerability

REDHAT - RHSA-2005:009

CONFIRM - http://www.kde.org/info/security/advisory-20041213-1.txt

MISC - http://secunia.com/secunia_research/2004-13/advisory/

MISC - http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

SECUNIA - 13254

SUSE - SUSE-SR:2005:001

SECUNIA - 13560

SECUNIA - 13486

SECUNIA - 13477


Last Updated: 27 May 2016 10:38:55