CVE-2017-5330

Severity: High
Remote: No
Type: Arbitrary command execution
Description
Opening a URL with Ark calls KRun::runUrl(), which detects the MIME type of the URL and runs the appropriate service for that MIME type when one is found. This leads to unintended execution of scripts and executable files.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-130 | ark | 16.12.0-1 | 16.12.1-1 | High | Fixed | |
| Date | Advisory | Group | Package | Severity | Description |
|---|---|---|---|---|---|
| 13 Jan 2017 | ASA-201701-18 | AVG-130 | ark | High | arbitrary command execution |
References
https://www.kde.org/info/security/advisory-20170112-1.txt
http://seclists.org/oss-sec/2017/q1/45
https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065
https://bugs.kde.org/show_bug.cgi?id=374572