CVE-2006-7139

Current Description

Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations.

Basic Data

Published: March 07, 2007
Last Modified: October 16, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:H/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: HIGH
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 2.6
Severity: LOW
Exploitability Score: 4.9
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | OS | Kde | Kde | 3.5.2 | * | * | * | * | * | * | * | | | | |
    • OR Running on/with:
      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | Application | Kde | K-mail | 1.9.1 | * | * | * | * | * | * | * | | | | |

Vulnerable Software List

| Vendor | Product | Versions |
| Kde | K-mail | 1.9.1 |

References

| Name | Source | URL | Tags |
| 20061014 Kmail <= 1.9.1 (table/frameset) DOS | FULLDISC | http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0293.html | Exploit |
| 24889 | SECUNIA | http://secunia.com/advisories/24889 | Vendor Advisory |
| 2347 | SREASON | http://securityreason.com/securityalert/2347 | |
| SUSE-SR:2007:006 | SUSE | http://www.novell.com/linux/security/advisories/2007_6_sr.html | |
| 20061015 Re: [Full-disclosure] Kmail <= 1.9.1 (table/frameset) DOS | BUGTRAQ | http://www.securityfocus.com/archive/1/448766/100/0/threaded | |
| 20061014 Kmail <= 1.9.1 (table/frameset) DOS | BUGTRAQ | http://www.securityfocus.com/archive/1/448768/100/0/threaded | |
| 20539 | BID | http://www.securityfocus.com/bid/20539 | |
| kmail-table-frameset-dos(29557) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/29557 | |