Denial of Service Vulnerability in Konqueror by KDE
CVE-2008-5698

Currently unrated

Key Information:

Vendor

Kde

Status
Konqueror
Vendor
CVE Published:
22 December 2008

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2008-5698?

The HTMLTokenizer::scriptHandler in Konqueror versions 3.5.9 and 3.5.10 is susceptible to a Denial of Service attack. Remote attackers can exploit this vulnerability by triggering an invalid document.load call, which results in the use of a deleted object, ultimately causing the application to crash. This vulnerability can disrupt user experience and potentially lead to further security risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-5698 - Proof of Concept

References

http://www.securityfocus.com/bid/31696
vdb-entryx_refsource_BID
http://secunia.com/advisories/32208
third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2915
vdb-entryx_refsource_VUPEN

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.