CVE-2006-6660
published 2006-12-20
Priority P4 · 13 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 2.36% (81.7th percentile)
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konqueror, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kde | libkhtml | <= 4.2.0 | — |
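CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| vendor_redhat | — | 4.3 | MEDIUM | — |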
Red Hat
vendor_redhat·CVSS 4.3
Statement: Not vulnerable. This issue did not affect the versions of KDE as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
GHSA
GHSA-vr7j-65g3-xc3f: The nodeType function in KDE libkhtml 4
ghsa_unreviewed·2022-05-01
No detection rules found.
Exploit-DB
KDE libkhtml 3.5 < 4.2.0 - Unhandled HTML Parse Exception
exploitdb·2006-12-19
KDE libkhtml 3.5 ::count () from /usr/kde/3.5/lib/libkhtml.so.4
#2 0xb64b0550 in TestFunctionImp::~TestFunctionImp () from /usr/kde/3.5/lib/libkhtml.so.4
#3 0xb64b43a2 in TestFunctionImp::~TestFunctionImp () from /usr/kde/3.5/lib/libkhtml.so.4
#4 0xb63329d5 in DOM::RegisteredListenerList::getHTMLEventListener () from /usr/kde/3.5/lib/libkhtml.so.4
#5 0xbf86ae90 in ?? ()
#6 0x00000001 in ?? ()
#7 0xb736f8ec in ?? () from /usr/qt/3/lib/libqt-mt.so.3
#8 0xb71e36f9 in qt_check_pointer () from /usr/qt/3/lib/libqt-mt.so.3
Previous frame inner to this frame (corrupt stack?)
CRASH CODE:
# milw0rm.com [2006-12-19]
Exploit-DB
KDE LibkHTML 4.2 - NodeType Function Denial of Service
exploitdb·2006-12-19
---
source: https://www.securityfocus.com/bid/21662/info
KDE libkhtml is prone to a denial-of-service vulnerability.
This issue is triggered when an attacker convinces a victim user to open a malicious HTML document via an affected application such as kmail or Konqueror.
Remote attackers may exploit this issue to crash applications that use the affected library, effectively denying service to legitimate users.
No writeups or analysis indexed.
http://downloads.securityfocus.com/vulnerabilities/exploits/21662.html
http://www.securityfocus.com/bid/21662
http://www.vupen.com/english/advisories/2006/5071
Published: 2006-12-20