Unpatched KDE vulnerability disclosed on Twitter

Just viewing --not running-- a malicious .desktop or .directory file inside a file browser can run malicious code on a user's system.