Kde · Kdirstat · CVE-2014-2528
**Name of the Vulnerable Software and Affected Versions**
KDirStat version 2.7.3
**Description**
The issue arises from improper string quoting in the directory deletion process, allowing remote attackers to execute arbitrary commands by including a ' (single quote) character in the directory name.
**Recommendations**
For KDirStat version 2.7.3, consider avoiding the use of single quotes in directory names until a patch is available. As a temporary workaround, restrict the ability to create directories with single quotes in their names to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.