| Severity | |
| Remote | |
| Type | Arbitrary command execution |
| Description | Opening a URL with Ark calls KRun::runUrl(), which detects the MIME type of the URL and runs the appropriate service for that MIME type when one is found. This leads to unintended execution of scripts and executable files. |
| References |
https://www.kde.org/info/security/advisory-20170112-1.txt
http://seclists.org/oss-sec/2017/q1/45
https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065
https://bugs.kde.org/show_bug.cgi?id=374572

| Notes |