Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-0242
Last Modified 18 Jun 2012 10:27:27
Published 03 Apr 2007 12:19:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-0242

Summary

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.

Vulnerable Systems

Application

  • Qt 3.3.8

  • Qt 4.2.3


References

CONFIRM - http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350

VUPEN - ADV-2007-1212

CONFIRM - http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html

CONFIRM - https://issues.rpath.com/browse/RPL-1202

XF - qt-utf8-xss(33397)

UBUNTU - USN-452-1

BID - 23269

REDHAT - RHSA-2007:0909

REDHAT - RHSA-2007:0883

SUSE - SUSE-SR:2007:006

MANDRIVA - MDKSA-2007:076

MANDRIVA - MDKSA-2007:075

MANDRIVA - MDKSA-2007:074

DEBIAN - DSA-1292

CONFIRM - http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html

CONFIRM - http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm

SLACKWARE - SSA:2007-093-03

SECUNIA - 27275

SECUNIA - 27108

SECUNIA - 26857

SECUNIA - 26804

SECUNIA - 25263

SECUNIA - 24889

SECUNIA - 24847

SECUNIA - 24797

SECUNIA - 24759

SECUNIA - 24727

SECUNIA - 24726

SECUNIA - 24705

SECUNIA - 24699

FEDORA - FEDORA-2007-703

SGI - 20070901-01-P

SECUNIA - 46117

REDHAT - RHSA-2011:1324

Related Patches

Novell SUSE 2007:3052 qt3 security update for SLE 10 i586


Last Updated: 27 May 2016 10:56:31