CVE-2007-1308

KDE Konqueror - Resource Management Error

Title source: rule

Description

ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mark · htmldoslinux

https://www.exploit-db.com/exploits/29713

View Code ZIP pw:eip

References (13)

[Exploit] http://www.securityfocus.com/bid/22814

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2007-0909.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/461897/100/0/threaded

[Exploit, Patch] http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052793.html

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/0886

[Various Sources] http://bindshell.net/advisories/konq355/konq355-patch.diff

[Vendor Advisory] http://www.ubuntu.com/usn/usn-447-1

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2007:054

[Vendor Advisory] http://secunia.com/advisories/27108

[Exploit, Patch, Vendor Advisory] http://bindshell.net/advisories/konq355

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10551

[Third Party Advisory] http://securityreason.com/securityalert/2345

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/32798

Scores

EPSS 0.1458

EPSS Percentile 94.5%

Details

CWE

CWE-399

Status published

Products (1)

kde/konqueror 3.5.5

Published Mar 07, 2007

Tracked Since Feb 18, 2026