OSVDB ID: 86826

Title: KDE Konqueror khtml/rendering/render_replaced.cpp Iframe Context Menu Widget Rendering Use-after-free Arbitrary Code Execution

Info

Disclosure

Oct 10, 2012

Discovery

Unknown

Dates

Exploit

Oct 10, 2012

Solution

Unknown

Description

KDE Konqueror contains a use-after-free flaw in khtml/rendering/render_replaced.cpp (kdelibs) that is triggered during the rendering of widgets that are used in context menus of an iframe. This may allow a context-dependent attacker to execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been committed to the source code repository that addresses this vulnerability. Until it is incorporated into the next release of the software, manually patching an existing installation is the only known available solution. Check the vendor advisory or solution URL in the references section.

Products

KDE Project

Konqueror

4.7.3

References

CVE ID: 2012-4515 (see also: NVD)
Exploit Database: 22406
Secunia Advisory ID: 51097 51375
Bugtraq ID: 55879
ISS X-Force ID: 79288
Related OSVDB ID: 86825 86827 86847
Mail List Post: http://seclists.org/bugtraq/2012/Nov/4
http://seclists.org/oss-sec/2012/q4/65
Vendor URL: http://www.kde.org/
Other Advisory URL: http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc
Vendor Specific News/Changelog Entry: https://bugzilla.novell.com/show_bug.cgi?id=729829
https://bugzilla.novell.com/show_bug.cgi?id=787520
Vendor Specific Solution URL: https://projects.kde.org/projects/kde/kdelibs/repository/revisions/4f2eb356f1c23444fff2cfe0a7ae10efe303d6d8

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86826