Colin Phipps

**Name of the Vulnerable Software and Affected Versions** KDE versions 3.2.3 and earlier **Description** The issue allows local users to gain unauthorized access through a symlink attack on DCOP files in the /tmp directory. **Recommendations** For KDE versions 3.2.3 and earlier, consider restricting access to the /tmp directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** catdoc versions 0.91 and earlier **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names, specifically "word$$.html", in the msxlsview.sh script of xlsview for catdoc. **Recommendations** For catdoc versions 0.91 and earlier, consider restricting access to the msxlsview.sh script until a patch is available, or avoid using the script with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.