Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3413

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3413
Last Modified 08 Aug 2012 12:00:00
Published 07 Aug 2012 04:55:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3413

Summary

The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.

Vulnerable Systems

Application

  • Kde Pim 4.6

  • Kde Pim 4.8


References

CONFIRM - https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54

MLIST - [oss-security] 20120717 Re: CVE Request: KDE Pim

MLIST - [oss-security] 20120716 Re: CVE Request: KDE Pim

MLIST - [oss-security] 20120713 Re: CVE Request: KDE Pim

MLIST - [oss-security] 20120713 CVE Request: KDE Pim

UBUNTU - USN-1512-1

SECUNIA - 50008

FEDORA - FEDORA-2012-10411

FEDORA - FEDORA-2012-10410


Last Updated: 27 May 2016 10:55:02