KDE KMail Long Attachment Filename Denial of Service Vulnerability

A buffer overflow vulnerability exists in versions of kmail up to and including version 1.0.29.1. By sending an attachment with a filename in excess of approximately 250 bytes, it is possible to cause the mail recipient's kmail to crash. This overflow could possibly be exploited further to execute remote commands on the machine where the mail is read; this has not been demonstrated, however, and it does not appear to be the case.
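A mail gateway can screen for the condition described above before a message reaches the client. The following is an added example, not part of the original advisory: the function names, the sample message and the exact 250-byte limit (taken from the advisory's approximate figure) are assumptions.

```python
import email
from email import policy

# Assumption: limit taken from the advisory's "approximately 250 bytes";
# an operator may choose a lower value for margin.
MAX_FILENAME_BYTES = 250

def oversized_attachment_names(raw_bytes, limit=MAX_FILENAME_BYTES):
    """Return (filename_prefix, byte_length) for every MIME part whose
    attachment filename is longer than `limit` bytes."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls
        # back to the Content-Type "name" parameter.
        name = part.get_filename()
        if name is None:
            continue
        size = len(name.encode("utf-8", errors="replace"))
        if size > limit:
            # Keep only a short prefix so logs stay readable.
            findings.append((name[:32], size))
    return findings

def build_sample(filename):
    """Constructed multipart message carrying one attachment (test input)."""
    lines = [
        "From: sender@example.com",
        "To: recipient@example.com",
        "Subject: constructed test message",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="BOUNDARY"',
        "",
        "--BOUNDARY",
        "Content-Type: text/plain",
        "",
        "body",
        "--BOUNDARY",
        "Content-Type: application/octet-stream",
        f'Content-Disposition: attachment; filename="{filename}"',
        "",
        "data",
        "--BOUNDARY--",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")

if __name__ == "__main__":
    print(oversized_attachment_names(build_sample("A" * 300)))
```

A gateway using a check like this would quarantine or rename the flagged part rather than deliver it unchanged.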


 

Copyright 2010, SecurityFocus