CVE-2010-1511

KDE SC 4.0.0-4.4.3 - Arbitrary File Overwrite via Metalink File

Description

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

References (16)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40141
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-938-1
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511279/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511294/100/0/threaded
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1144
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2010-70/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58629
Vendor Advisory x_refsource_confirm
http://www.kde.org/info/security/advisory-20100513-1.txt
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3096
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=127378789518426&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39528
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1142
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023984
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/64689
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39787

Scores

EPSS 0.0570
EPSS Percentile 90.5%

Details

CWE
CWE-264
Status published
Products (29)
kde/kde_sc 2.2.0
kde/kde_sc 3.5.10
kde/kde_sc 4.0.0 (9 CPE variants)
kde/kde_sc 4.0.1
kde/kde_sc 4.0.2
kde/kde_sc 4.0.3
kde/kde_sc 4.0.4
kde/kde_sc 4.0.5
kde/kde_sc 4.1.0 (5 CPE variants)
kde/kde_sc 4.1.1
... and 19 more
Published May 17, 2010
Tracked Since Feb 18, 2026