Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-0019
Last Modified 07 Mar 2011 09:29:10
Published 20 Jan 2006 04:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0019

Summary

Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.

Vulnerable Systems

Operating System

  • KDE 3.2
  • KDE 3.2.0
  • KDE 3.2.0 Beta1
  • KDE 3.2.1
  • KDE 3.2.2
  • KDE 3.2.3
  • KDE 3.2.x
  • KDE 3.3
  • KDE 3.3.0
  • KDE 3.3.1
  • KDE 3.3.2
  • KDE 3.3.x
  • KDE 3.4
  • KDE 3.4.0
  • KDE 3.4.1
  • KDE 3.4.2
  • KDE 3.5.0


References

BUGTRAQ - 20060119 [KDE Security Advisory] kjs encodeuri/decodeuri heap overflow

CONFIRM - http://www.kde.org/info/security/advisory-20060119-1.txt

SECUNIA - 18500

CONFIRM - ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff

VUPEN - ADV-2006-0265

UBUNTU - USN-245-1

SUSE - SUSE-SA:2006:003

REDHAT - RHSA-2006:0184

GENTOO - GLSA-200601-11

DEBIAN - DSA-948

SECUNIA - 18570

SECUNIA - 18561

SECUNIA - 18559

SECUNIA - 18552

SECUNIA - 18540

XF - kde-kjs-bo(24242)

BID - 16325

FEDORA - FLSA:178606

OSVDB - 22659

MANDRIVA - MDKSA-2006:019

SLACKWARE - SSA:2006-045-05

SECTRACK - 1015512

SREASON - 364

SECUNIA - 18899

SECUNIA - 18583


Last Updated: 27 May 2016 10:41:29