KDE个人信息管理套件VCF文件远程缓冲区溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1202065 漏洞类型 边界条件错误
发布时间 2004-01-14 更新时间 2009-07-12
CVE编号 CVE-2003-0988 CNNVD-ID CNNVD-200402-052
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://www.securityfocus.com/bid/9419
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200402-052
|漏洞详情
KDE是一款免费开放源代码X桌面管理程序,KDE个人信息管理程序(kdepim)套件帮助用户管理EMAIL,任务和联系人等信息。kdepim程序在处理VCF文件信息头时存在缓冲区溢出,远程攻击者可以利用这个漏洞构建恶意VCF文件,诱使用户打开而可能以进程权限执行任意指令。目前没有详细漏洞细节提供。
|受影响的产品
Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux -current Redhat kdepim-devel-3.1-5.i386.rpm Redhat kdepim-3.1-5.i386.rpm Redhat Fedora Core1 Ma
|参考资料
resource:
hyperlink:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810
resource:
hyperlink:http://marc.info/?l=bugtraq&m=107412130407906&w=2
resource:
hyperlink:http://security.gentoo.org/glsa/glsa-200404-02.xml
resource:US Government Resource
hyperlink:http://www.kb.cert.org/vuls/id/820798
resource:Patch
hyperlink:http://www.kde.org/info/security/advisory-20040114-1.txt
resource:
hyperlink:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003
resource:Patch
hyperlink:http://www.redhat.com/support/errata/RHSA-2004-005.html
resource:
hyperlink:http://www.redhat.com/support/errata/RHSA-2004-006.html
resource:Patch
hyperlink:http://www.securityfocus.com/bid/9419
resource:
hyperlink:https://exchange.xforce.ibmcloud.com/vulnerabilities/14833
resource:
hyperlink:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A858
resource:
hyperlink:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A865