PT-2012-4696 · Kde · Kdepim

David · Published 2012-08-07 · Updated 2012-08-08 · CVE-2012-3413

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

KDE PIM versions 4.6 through 4.8

Description

The issue concerns the HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp, which fails to disable JavaScript, Java, and Plugins. This allows remote attackers to inject arbitrary web script or HTML via a crafted email.

Recommendations

For KDE PIM versions 4.6 through 4.8, consider disabling the HTMLQuoteColorer::process function until a patch is available. Restrict access to email messages that may contain malicious content to minimize the risk of exploitation.

Related Identifiers

CVE-2012-3413

Affected Products

Kdepim