Vulnerability Details : CVE-2002-1306
Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2002-1306
Probability of exploitation activity in the next 30 days: 9.37%
Percentile, the proportion of vulnerabilities that are scored at or less: ~94%
CVSS scores for CVE-2002-1306
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
References for CVE-2002-1306
- http://www.iss.net/security_center/static/10598.php (Vendor Advisory)
- http://marc.info/?l=bugtraq&m=103728981029342&w=2
- http://www.iss.net/security_center/static/10597.php
- http://www.ciac.org/ciac/bulletins/n-020.shtml
- http://www.novell.com/linux/security/advisories/2002_042_kdenetwork.html
- http://www.kde.org/info/security/advisory-20021111-2.txt (Patch; Vendor Advisory)
- http://marc.info/?l=bugtraq&m=103712329102632&w=2
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-080.php
- http://www.redhat.com/support/errata/RHSA-2002-220.html
- http://www.debian.org/security/2002/dsa-214
Products affected by CVE-2002-1306
- cpe:2.3:o:kde:kde:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:2.2:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:2.1.1:*:*:*:*:*:*:*