I just read this but the original release date of the advisory was on 12-20-02 so it might be old news to some.

All KDE 2 and 3 including 3.0.5 are affected.

The vulnerabilities potentially enable local or remote attackers
to compromise the privacy of a vicitim's data and to execute arbitrary
shell commands with the victim's privileges, such as erasing files or
accessing or modifying data.

[kde.org...]