CVE-2004-1158

Severity

75%

Complexity

99%

Confidentiality

106%

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

MandrakeSoft Mandrake Linux

First reported 20 years ago

2005-01-10 05:00:00

Last updated 7 years ago

2017-10-11 01:29:00

Affected Software

MandrakeSoft Mandrake Linux 10.0

10.0

MandrakeSoft Mandrake Linux 10.1

10.1

References

20041213 KDE Security Advisory: Konqueror Window Injection Vulnerability

13254

13477

13486

13560

http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

Exploit, Vendor Advisory

http://secunia.com/secunia_research/2004-13/advisory/

http://www.kde.org/info/security/advisory-20041213-1.txt

SUSE-SR:2005:001

RHSA-2005:009

11853

Exploit, Patch, Vendor Advisory

oval:org.mitre.oval:def:11056

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.