KDE has fixed a vulnerability within its KDE Framework that allowed for malicious code execution simply by viewing a .desktop file, by removing the feature being exploited altogether. Earlier this week, a security researcher Dominik Penner published a proof of concept that showed how users could be compromised simply by viewing a malicious .desktop file, which is typically used to show an icon for a file or directory, in the KDE file browser.
Read full article on ZDNet