CVE-2003-1167

KPopup 0.9.1 - Privilege Escalation

Title source: llm

Description

misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.

Exploits (1)

exploitdb WORKING POC VERIFIED

by b0f · clocallinux

https://www.exploit-db.com/exploits/23308

View Code ZIP pw:eip

References (5)

[Patch] http://www.osvdb.org/2742

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/13540

[Exploit, Patch] http://www.securityfocus.com/bid/8915

[Exploit] http://www.securityfocus.com/archive/1/342736

[Patch] http://secunia.com/advisories/10105

Scores

EPSS 0.0021

EPSS Percentile 42.5%

Details

Status published

Products (2)

gernot_stocker/kpopup 0.9.1

gernot_stocker/kpopup 0.9.5_pre2

Published Dec 31, 2003

Tracked Since Feb 18, 2026