CVE-2012-4515
Published: 2012-11-11
Priority: P3 · 37 · medium
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 6.44% (92.9th percentile)
Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kde | kde | — | — |
CVSS provenance
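| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 6.8 | MEDIUM | — |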
GHSA
GHSA-3cmm-g83j-44q7: Use-after-free vulnerability in khtml/rendering/render_replaced
ghsa_unreviewed · 2022-05-17 · MEDIUM
Red Hat
kdelibs: Use-after-free when context menu being used whilst the document DOM is being changed from within JavaScript
vendor_redhat · 2012-10-30 · CVSS 6.8 · MEDIUM · CWE-416
Statement: Not vulnerable. This issue did not affect the versions of kdelibs as shipped with Red Hat Enterprise Linux 5 and 6.
Package: kdelibs (Red Hat Enterprise Linux 5) - Not affected
Package: kdelibs (Red Hat Enterprise Linux 6) - Not affected
No detection rules found.
Bugzilla
CVE-2012-4514 CVE-2012-4515 kdelibs various flaws [fedora-all]
bugzilla · 2012-10-30 · CVSS 5.0 · MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple s
Bugzilla
CVE-2012-4515 kdelibs: Use-after-free when context menu being used whilst the document DOM is being changed from within JavaScript
bugzilla · 2012-10-12 · CVSS 6.8 · MEDIUM
A use-after-free flaw was found in the way the DOM implementation of KDE libraries performed widget rendering for context menus for a given iframe when the iframe was simultaneously being updated by the parent via JavaScript. A remote attacker could provide a specially-crafted web page that, when opened in an application linked against KDE libraries (such as konqueror), would lead to that application crash or, potentially, arbitrary code execution (depending on the state of the process at the moment the no-longer existing process was accessed) with the privileges of the user running the application.
References:
[1] http://www.openwall.com/lists/oss-security/2012
http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html
http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=4f2eb356f1c23444fff2cfe0a7ae10efe303d6d8
http://secunia.com/advisories/51097
http://secunia.com/advisories/51145
http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc
http://www.openwall.com/lists/oss-security/2012/10/11/11
http://www.openwall.com/lists/oss-security/2012/10/30/6