CVE-2007-0242

Severity

43%

Complexity

86%

Confidentiality

48%

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

First reported 17 years ago

2007-04-03 16:19:00

Last updated 7 years ago

2017-10-11 01:31:00

Affected Software

Qt 4.2.3

4.2.3

References

20070901-01-P

FEDORA-2007-703

RHSA-2011:1324

24699

24705

24726

24727

24759

24797

24847

24889

25263

26804

26857

27108

27275

46117

SSA:2007-093-03

http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm

http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html

http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html

DSA-1292

MDKSA-2007:074

MDKSA-2007:075

MDKSA-2007:076

http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html

Vendor Advisory

SUSE-SR:2007:006

RHSA-2007:0883

RHSA-2007:0909

23269

http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350

Patch

USN-452-1

ADV-2007-1212

qt-utf8-xss(33397)

https://issues.rpath.com/browse/RPL-1202

oval:org.mitre.oval:def:11510

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.