KDE LibkHTML NodeType 函数拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111794 漏洞类型 其他
发布时间 2006-12-19 更新时间 2007-06-27
CVE编号 CVE-2006-6660 CNNVD-ID CNNVD-200612-448
漏洞平台 Linux CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/29296
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-448
|漏洞详情
KDElibkhtml4.2.0及更早版本中的nodeType函数,由Konquerer、KMail和其他程序使用时,远程攻击者可以通过畸形的HTML标签发起拒绝服务攻击(崩溃),可能涉及在RANGE标签中内嵌的COLSPAN标签。
|漏洞EXP
source: http://www.securityfocus.com/bid/21662/info

KDE libkhtml is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to open a malicious HTML document via an affected application such as kmail or Konqueror. 

Remote attackers may exploit this issue to crash applications that use the affected library, effectively denying service to legitimate users.

<HTML> <HEAD> <RANGE <COL SPAN <>> <FRAMESET onload > </HEAD> </HTML>
|参考资料

来源:BID
名称:21662
链接:http://www.securityfocus.com/bid/21662
来源:VUPEN
名称:ADV-2006-5071
链接:http://www.frsirt.com/english/advisories/2006/5071
来源:MISC
链接:http://downloads.securityfocus.com/vulnerabilities/exploits/21662.html