USN-725-1 -- kdepim vulnerabilityID: oval:org.secpod.oval:def:700368 | Date: (C)2011-05-13 (M)2021-06-02 |
Class: PATCH | Family: unix |
It was discovered that Kmail did not adequately prevent execution of arbitrary code when a user clicked on a URL to an executable within an HTML mail. If a user clicked on a malicious URL and chose to execute the file, a remote attacker could execute arbitrary code with user privileges. This update changes KMail"s behavior to instead launch a helper program to view the file if the user chooses to execute such a link.
Platform: |
Ubuntu 7.10 |
Ubuntu 8.04 |
Ubuntu 6.06 |
Ubuntu 8.10 |