Computer Security
[EN] securityvulns.ru



QT / KJS UTF-8 decoding security vulnerability
Published: 05.04.2007
Source: CVE
SecurityVulns ID: 7532
Type: library
Level: 6/10
Description: Oversized UTF-8 sequences are not blocked, making it possible to conduct cross-site scripting and directory traversal attacks.
Affected: QT : qt 3.3
 KDE : KDE 3.5
CVE: CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.)
© SecurityVulns, 3APA3A, Vladimir Dubrovin