Remote Code Execution Vulnerability in Ark by KDE
CVE-2017-5330

7.8HIGH

Key Information:

Vendor
Fedoraproject
Status
Fedora
Vendor
CVE Published:
27 March 2017

Summary

Ark, prior to version 16.12.1, is susceptible to a vulnerability that enables remote attackers to execute arbitrary code. This threat arises from the improper handling of executable files within archives, which can be exploited by maliciously crafted content. Ensuring you have the latest version of Ark is critical to mitigate this security risk.

References

https://security.gentoo.org/glsa/201701-69
vendor-advisoryx_refsource_GENTOO
https://bugs.kde.org/show_bug.cgi?id=374572
x_refsource_CONFIRM
https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a11...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.