The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2004-05-20T04:00:00
Updated: 2017-10-10T00:57:01
Reserved: 2004-04-16T00:00:00
Link: CVE-2004-0411
JSON object: View
NVD Information
Status : Analyzed
Published: 2004-07-07T04:00:00.000
Modified: 2024-02-13T18:01:04.940
Link: CVE-2004-0411
JSON object: View
Redhat Information
No data.
CWE