The KDE team found a buffer overflow in the file information reader of VCF files. An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0988 to this issue.

CAN-2003-0988 Affects: 3AS 3ES 3WS

Note the kdepim packages in RHEL 2.1 are not affected by this issue. RHSA-2004:005 will provide updated packages with a backported security patch.

This issue is under embargo and will be opened on January 14th 2004.

Fixed, see http://rhn.redhat.com/errata/RHSA-2004-005.html