FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kdepimlibs -- directory traversal on KTNEF

Affected packages
kdepimlibs < 4.14.10_7


VuXML ID e550fc62-069a-11e7-8e3e-5453ed2e2b49
Discovery 2017-02-27
Entry 2017-03-11

Albert Aastals Cid reports:

A directory traversal issue was found in KTNEF which can be exploited by tricking a user into opening a malicious winmail.dat file. The issue allows to write files with the permission of the user opening the winmail.dat file during extraction.