CVE-2007-1265
CVE-2007-1265 is a vulnerability of currently unknown severity. EPSS estimates a 2.05% chance of exploitation in the next 30 days.
Description
KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG. As a result, KMail cannot visually distinguish between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kde | K-Mail | 0.0.29.2 |
| Kde | K-Mail | 1.0.23 |
| Kde | K-Mail | 1.0.24 |
| Kde | K-Mail | 1.0.25 |
| Kde | K-Mail | 1.0.26 |
| Kde | K-Mail | 1.0.27 |
| Kde | K-Mail | 1.0.28 |
| Kde | K-Mail | 1.0.29 |
| Kde | K-Mail | 1.0.29.1 |
| Kde | K-Mail | 1.0.29.2 |
| Kde | K-Mail | 1.1 |
| Kde | K-Mail | 1.2 |
| Kde | K-Mail | 1.3.1 |
| Kde | K-Mail | 1.7.1 |
| Kde | K-Mail | 1.9.1 |
| Kde | K-Mail | 1.86.2.36 |
| Kde | K-Mail | 1.87 |
| Kde | K-Mail | 1.88 |
| Kde | K-Mail | 1.89 |
| Kde | K-Mail | 1.90 |
| Kde | K-Mail | 1.92 |
| Kde | K-Mail | 1.93 |
| Kde | K-Mail | 1.94 |
| Kde | K-Mail | 1.95 |
| Kde | K-Mail | 1.101 |
| Kde | K-Mail | 1.102 |
Source: NVD / NIST
