CVE-2012-3413
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.
La función HTMLQuoteColorer::process en messageviewer/htmlquotecolorer.cpp en KDE PIM v4.6 hasta v4.8 no desabilita JavaScript, Java, ni los complementos, lo que permite a atacantes remotos inyectar secuencias de comandos o HTML a través de un correo manipulado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-06-14 CVE Reserved
- 2012-07-19 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-16: Configuration
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/07/13/3 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/07/13/4 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/07/16/3 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/07/17/11 | Mailing List |
|
| https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083946.html | 2012-08-08 | |
| http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084262.html | 2012-08-08 | |
| http://secunia.com/advisories/50008 | 2012-08-08 | |
| http://ubuntu.com/usn/usn-1512-1 | 2012-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Kde Search vendor "Kde" | Kde Pim Search vendor "Kde" for product "Kde Pim" | 4.6 Search vendor "Kde" for product "Kde Pim" and version "4.6" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Kde Pim Search vendor "Kde" for product "Kde Pim" | 4.8 Search vendor "Kde" for product "Kde Pim" and version "4.8" | - |
Affected
| ||||||