Vulnerability Note VU#820798
KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability in VCF information reader
KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability. Exploitation of this vulnerability could lead to the arbitrary execution of commands.
KDE Personal Information Management suite shipped with KDE versions 3.1.0 through 3.1.4 contains a buffer overflow vulnerability in the processing of VCF files.
If an attacker can trick a victim into opening a specially crafted .VCF file, the attacker may be able to gain information about a victim's data or execute arbitrary commands
An attacker may be able to gain information about a victim's data or execute arbitrary commands with the victim's privileges.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Conectiva||Affected||-||27 Jan 2004|
|KDE Desktop Environment Project||Affected||-||27 Jan 2004|
|MandrakeSoft||Affected||-||27 Jan 2004|
|Red Hat Inc.||Affected||-||27 Jan 2004|
|Slackware||Affected||-||27 Jan 2004|
CVSS Metrics (Learn More)
This vulnerability was discovered by Dirk Mueller of KDE and reported in their advisory.
This document was written by Stacey Stewart.
- CVE IDs: CAN-2003-0988
- Date Public: 14 Jan 2004
- Date First Published: 27 Jan 2004
- Date Last Updated: 27 Jan 2004
- Severity Metric: 8.10
- Document Revision: 11
If you have feedback, comments, or additional information about this vulnerability, please send us email.