
KDE arbitrary code execution using ghostscript
11th Apr 2003 [SBWID-6136]



	KDE versions 3.1.x prior to 3.1.1a
	KDE versions prior to 3.0.5b


	In KDE Security Advisory:
	KDE uses Ghostscript software for processing of PostScript (PS) and PDF
	files in a way that allows for the execution of arbitrary commands that
	can be contained in such files.
	An attacker can prepare a malicious PostScript or PDF file which will
	provide the attacker with access to the victim's account and privileges
	when the victim opens this malicious file for viewing or when the
	victim browses a directory containing such a malicious file and has file
	previews enabled.
	An attacker can provide malicious files remotely to a victim in an
	e-mail, as part of a webpage, via an ftp server and possible other
	The vulnerabilities potentially enable local or remote attackers to
	compromise the privacy of a victim's data and to execute arbitrary
	shell commands with the victim's privileges, such as erasing files or
	accessing or modifying data.


	Upgrade to latest version.
