A vulnerability has been reported in KDE, which can be exploited by malicious people to compromise a user's system.

KGet does not properly sanitise the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks.

Note: This is caused due to an incomplete fix for SA39528.

The vulnerability is reported in version 4.6.2. Other versions may also be affected.

Solution
Fixed in the SVN repository.
Further details available to Secunia VIM customers

Provided and/or discovered by
Disclosed in SVN commits.

Original Advisory
KDE:
http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468&r2=1227467&pathrev=1227468
http://websvn.kde.org/branches/KDE/4.5/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227469&r2=1227468&pathrev=1227469
http://websvn.kde.org/branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227471&r2=1227470&pathrev=1227471

Launchpad Bug#757526:
https://bugs.launchpad.net/ubuntu/+source/kdenetwork/+bug/757526

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers