CVE-2017-5330 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Arbitrary command execution
Description	Opening an url with ark will call KRUN::runURL() which detects the mime-type of the url and runs the appropriate service for that mimetype when found. This leads to unintended execution of scripts and executable files.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-130	ark	16.12.0-1	16.12.1-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
13 Jan 2017	ASA-201701-18	AVG-130	ark	High	arbitrary command execution

References
https://www.kde.org/info/security/advisory-20170112-1.txt http://seclists.org/oss-sec/2017/q1/45 https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065 https://bugs.kde.org/show_bug.cgi?id=374572

References

https://www.kde.org/info/security/advisory-20170112-1.txt
http://seclists.org/oss-sec/2017/q1/45
https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065
https://bugs.kde.org/show_bug.cgi?id=374572