CVE-2005-0404

KMail 1.7.1 in KDE 3.3.2 - Email Spoofing via HTML Formatted Email

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0404. PoCs published by Noam Rathaus.

AI-analyzed exploit summary This exploit demonstrates a remote email message content spoofing vulnerability in KDE KMail by sending a crafted HTML email that spoofs header fields and content, potentially aiding in phishing attacks.

Description

KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Noam Rathaus · perlremotelinux

https://www.exploit-db.com/exploits/25375

View Code ZIP pw:eip

This exploit demonstrates a remote email message content spoofing vulnerability in KDE KMail by sending a crafted HTML email that spoofs header fields and content, potentially aiding in phishing attacks.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: KDE KMail (versions affected by CVE-2005-0404)

No auth needed

Prerequisites: Access to an SMTP server · Target email address

MITRE ATT&CK

T1566.001 - Spearphishing Attachment

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory mailing-list x_refsource_mlist

http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/14925

Exploit, Patch, Vendor Advisory x_refsource_misc

http://bugs.kde.org/show_bug.cgi?id=96020

Exploit, Patch, Vendor Advisory x_refsource_misc

http://www.securiteam.com/unixfocus/5GP0B0AFFE.html

Scores

EPSS 0.0298

EPSS Percentile 85.5%

Details

Status published

Products (2)

kde/kde 3.3.2

kmail/kmail 1.7.1

Published May 02, 2005

Tracked Since Feb 18, 2026