Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4515

CWE-399CWE-416Use After Free7 documents6 sources
Severity
6.8MEDIUM
EPSS
9.9%
top 6.99%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
KDE KDE
Timeline
PublishedNov 11
Latest updateMay 17

Description

Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDkde/kde4.7.3

🔴Vulnerability Details

2
GHSA
GHSA-3cmm-g83j-44q7: Use-after-free vulnerability in khtml/rendering/render_replaced2022-05-17
CVEList
CVE-2012-4515: Use-after-free vulnerability in khtml/rendering/render_replaced2012-11-11

💥Exploits & PoCs

1
Exploit-DB
Konqueror 4.7.3 - Memory Corruption2012-11-01

📋Vendor Advisories

1
Red Hat
kdelibs: Use-after-free when context menu being used whilst the document DOM is being changed from within JavaScript2012-10-30

💬Community

2
Bugzilla
CVE-2012-4514 CVE-2012-4515 kdelibs various flaws [fedora-all]2012-10-30
Bugzilla
CVE-2012-4515 kdelibs: Use-after-free when context menu being used whilst the document DOM is being changed from within JavaScript2012-10-12