Computer Security
[EN] securityvulns.ru no-pyccku


QT / KJS UTF-8 decoding security vulnerability
Published:05.04.2007
Source:
SecurityVulns ID:7532
Type:library
Threat Level:
6/10
Description:Oversized UTF-8 sequences are not blocking, making it possible to conduct cross-site scripting and directory traversal attacks.
Affected:QT : qt 3.3
 KDE : KDE 3.5
CVE:CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod