CVE-2014-2528

Name of the Vulnerable Software and Affected Versions KDirStat version 2.7.3

Description The issue arises from improper string quoting in the directory deletion process, allowing remote attackers to execute arbitrary commands by including a ' (single quote) character in the directory name.

Recommendations For KDirStat version 2.7.3, consider avoiding the use of single quotes in directory names until a patch is available. As a temporary workaround, restrict the ability to create directories with single quotes in their names to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.