UI spoofing in different QT applications - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

UI spoofing in different QT applications
Published: 10.10.2011
Source: BUGTRAQ
SecurityVulns ID: 11952
Type: library
Level: 3/10
Description: Using Qt QLabel class to display security critical information allows interface spoofing.

CVE: CVE-2011-3367 (Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.)
CVE-2011-3366 (Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.)
CVE-2011-3365 (The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.)

Original document Tim Brown, Low severity flaw in various applications including KSSL, Rekonq, Arora, Psi IM (10.10.2011)

Discuss: Read or add your comments to this news (0 comments)