CVE-2006-6660

KDE libkhtml < 4.2.0 - Denial of Service via Malformed HTML Tags

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-6660. PoCs published by Federico L. Bossi Bonin.

AI-analyzed exploit summary: This exploit leverages a denial-of-service vulnerability in KDE libkhtml by convincing a victim to open a malicious HTML document. The malformed HTML tags trigger a crash in applications like Konqueror or KMail.

Description

The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konqueror, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Federico L. Bossi Bonin · text · dos · linux
https://www.exploit-db.com/exploits/29296

This exploit leverages a denial-of-service vulnerability in KDE libkhtml by convincing a victim to open a malicious HTML document. The malformed HTML tags trigger a crash in applications like Konqueror or KMail.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: KDE libkhtml (versions prior to fix for CVE-2006-6660)
No auth needed
Prerequisites: Victim must open the malicious HTML document in an affected application
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Federico L. Bossi Bonin · html · dos · linux
https://www.exploit-db.com/exploits/2954

This exploit triggers a segmentation fault in KDE's libkhtml (version <= 4.2.0) by providing malformed HTML tags, leading to a denial-of-service (DoS) condition. The crash occurs due to unhandled parsing exceptions in the DOM::Node::nodeType function.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: KDE libkhtml <= 4.2.0 (Konqueror 3.5.2, KMail 1.9.1)
No auth needed
Prerequisites: Target must use vulnerable KDE libkhtml version · Target must render the malicious HTML
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, vdb-entry, x_refsource_bid: http://www.securityfocus.com/bid/21662
Third Party Advisory, vdb-entry, x_refsource_vupen: http://www.vupen.com/english/advisories/2006/5071

Scores

EPSS: 0.0236
EPSS Percentile: 81.6%

Details

Status: published
Products (1): kde/libkhtml < 4.2.0
Published: Dec 20, 2006
Tracked Since: Feb 18, 2026