X41 D-Sec GmbH Security Advisory: X41-2017-003

Directory Traversal in ktnef

Overview

Summary and Impact

A directory traversal issue was found in ktnef which can be exploited by tricking a user into opening a malicious winmail.dat file. During extraction, the issue allows files to be written with the permissions of the user opening the winmail.dat file.

Product Description

ktnef offers a library and utilities to extract files from winmail.dat files. winmail.dat files are sent by Microsoft Outlook when forwarding files via e-mail.

Workarounds

Apply the vendor-supplied patch: https://cgit.kde.org/ktnef.git/commit/?id=4ff38aa15487d69021aacad4b078500f77fb4ae8

About X41 D-Sec GmbH

X41 D-Sec is a provider of application security services. We focus on application code reviews, design review and security testing. X41 D-Sec GmbH was founded in 2015 by Markus Vervier. We support customers in various industries such as finance, software development and public institutions.

Timeline