Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4515

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-4515
Last Modified 12 Nov 2012 04:15:56
Published 11 Nov 2012 08:00:51
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4515

Summary

Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.

Vulnerable Systems

Operating System

  • Kde 4.7.3


References

MLIST - [oss-security] 20121030 Medium risk security flaws in Konqueror

MLIST - [oss-security] 20121011 Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected)

MISC - http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc

SECUNIA - 51145

SECUNIA - 51097

CONFIRM - http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=4f2eb356f1c23444fff2cfe0a7ae10efe303d6d8

BUGTRAQ - 20121030 Medium risk security flaws in Konqueror


Last Updated: 27 May 2016 10:58:27