CVE-2007-0242 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-0242
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-0242

Description: The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/33397 UBUNTU http://www.ubuntu.com/usn/usn-452-1 SUSE http://www.novell.com/linux/security/advisories/2007_6_sr.html SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591 SGI SAID Secunia Advisory: SA24759 Secunia Advisory: SA24889 Secunia Advisory: SA24797 Secunia Advisory: SA24847 Secunia Advisory: SA24726 Secunia Advisory: SA24705 Secunia Advisory: SA24727 Secunia Advisory: SA24699 Secunia Advisory: SA25263 Secunia Advisory: SA26857 Secunia Advisory: SA26804 Secunia Advisory: SA27108 Secunia Advisory: SA27275 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0883.html http://www.redhat.com/support/errata/RHSA-2007-0909.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:074 http://www.mandriva.com/security/advisories?name=MDKSA-2007:075 http://www.mandriva.com/security/advisories?name=MDKSA-2007:076 FEDORA http://fedoranews.org/updates/FEDORA-2007-703.shtml DEBIAN http://www.debian.org/security/2007/dsa-1292 CONFIRM http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350 http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html BID 23269

Return to the previous page.