KDE Frameworks

KDE Frameworks Command Execution Vulnerability (CVE-2019-14744) Threat Alert

August 19, 2019

Overview

Recently, a security researcher took to Twitter to disclose a KDE Frameworks command injection vulnerability, which stems from the KDesktopfile class handling .desktop, .directory, and configuration files. An attacker could create malicious files of these types, which, once being viewed with the KDE file viewer, could trigger the vulnerability, leading to code execution without requiring any user interactions like executing such files. (more…)

Search

Subscribe to the NSFOCUS Blog