Insecure File Operation in KGet by KDE
CVE-2010-1511

Currently unrated

Key Information:

Vendor

Kde

Status
Kget
Kde Sc
Vendor
CVE Published:
17 May 2010

What is CVE-2010-1511?

KGet versions from 2.4.2 in KDE Software Compilation 4.0.0 up to 4.4.3 are vulnerable due to inadequate user confirmation before downloading files. This oversight allows remote attackers to exploit the application by sending specially crafted metalink files, which can lead to overwriting arbitrary files on the user’s system. Users of affected versions should apply patches to mitigate this risk and secure their environments.

References

http://www.securityfocus.com/bid/40141
vdb-entryx_refsource_BID
http://www.ubuntu.com/usn/USN-938-1
vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/archive/1/511279/100/0/threaded
mailing-listx_refsource_BUGTRAQ

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.