Computer Security
[EN] securityvulns.ru no-pyccku


UI spoofing in different QT applications
Published:10.10.2011
Source:
SecurityVulns ID:11952
Type:library
Threat Level:
3/10
Description:Using Qt QLabel class to display security critical information allows interface spoofing.
CVE:CVE-2011-3367 (Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.)
 CVE-2011-3366 (Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.)
 CVE-2011-3365 (The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.)
Original documentdocumentTim Brown, Low severity flaw in various applications including KSSL, Rekonq, Arora, Psi IM (10.10.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod