CVE-2007-1308

Konqueror - Denial of Service via FTP iframe Content Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1308. PoCs published by mark.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in KDE Konqueror 3.5.5 by triggering a null pointer exception via a crafted HTML file with JavaScript that manipulates an iframe.

Description

ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mark · htmldoslinux

https://www.exploit-db.com/exploits/29713

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service vulnerability in KDE Konqueror 3.5.5 by triggering a null pointer exception via a crafted HTML file with JavaScript that manipulates an iframe.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: KDE Konqueror 3.5.5

No auth needed

Prerequisites: Victim must open the malicious HTML file in a vulnerable version of Konqueror

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/22814

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-0909.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/461897/100/0/threaded

Exploit, Patch mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052793.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/0886

Various Sources x_refsource_misc

http://bindshell.net/advisories/konq355/konq355-patch.diff

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-447-1

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:054

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27108

Exploit, Patch, Vendor Advisory x_refsource_misc

http://bindshell.net/advisories/konq355

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10551

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/2345

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/32798

Scores

EPSS 0.0819

EPSS Percentile 94.1%

Details

CWE

CWE-399

Status published

Products (1)

kde/konqueror 3.5.5

Published Mar 07, 2007

Tracked Since Feb 18, 2026