Vulnerability Description
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject overlong (non-shortest-form) UTF-8 sequences as the standard requires. An attacker can therefore encode a metacharacter with more bytes than it needs (for example, the two bytes C0 AF instead of the single byte 2F for '/', or C0 BC for '<'): a filter that inspects the raw bytes never sees the forbidden character, but the decoder produces it anyway, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via such sequences that decode to dangerous metacharacters.
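As an added illustration (not code from Qt or from any advisory above), the following small C++ UTF-8 decoder has a `strict` switch. With strict off it accepts overlong sequences the way the vulnerable decoder did, so the bytes C0 AF come out as '/' although no literal '/' byte was present; with strict on, the minimum-code-point check rejects them. `filter_bypassed` models the pattern the description refers to: a byte-level filter that looks for a metacharacter before decoding. All inputs and function names are constructed for this example.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Decodes one UTF-8 sequence starting at in[pos]. On success stores the code
// point in cp, advances pos past the sequence and returns true. With strict
// == false, overlong encodings are accepted the way a lax decoder would (the
// behaviour CVE-2007-0242 describes); with strict == true they are rejected as
// RFC 3629 requires, along with surrogates and values above U+10FFFF.
// Teaching decoder written for this page, not Qt's qutfcodec.cpp.
bool decode_one(const std::string& in, size_t& pos, bool strict, uint32_t& cp) {
    unsigned char b0 = static_cast<unsigned char>(in[pos]);
    if (b0 < 0x80) { cp = b0; pos += 1; return true; }   // plain ASCII

    int need;          // continuation bytes that must follow the lead byte
    uint32_t min_cp;   // smallest code point this sequence length may encode
    if      ((b0 & 0xE0) == 0xC0) { need = 1; cp = b0 & 0x1F; min_cp = 0x80;    }
    else if ((b0 & 0xF0) == 0xE0) { need = 2; cp = b0 & 0x0F; min_cp = 0x800;   }
    else if ((b0 & 0xF8) == 0xF0) { need = 3; cp = b0 & 0x07; min_cp = 0x10000; }
    else return false;                                   // stray continuation or F8..FF lead

    if (pos + 1 + need > in.size()) return false;        // truncated sequence
    for (int i = 1; i <= need; ++i) {
        unsigned char c = static_cast<unsigned char>(in[pos + i]);
        if ((c & 0xC0) != 0x80) return false;            // not a continuation byte
        cp = (cp << 6) | (c & 0x3F);
    }
    if (strict) {
        if (cp < min_cp) return false;                   // overlong: the check the CVE is about
        if (cp > 0x10FFFF) return false;                 // beyond the Unicode range
        if (cp >= 0xD800 && cp <= 0xDFFF) return false;  // UTF-16 surrogate range
    }
    pos += 1 + need;
    return true;
}

// Decodes a whole byte string; returns false on the first malformed sequence.
bool decode_all(const std::string& in, bool strict, std::vector<uint32_t>& out) {
    out.clear();
    size_t pos = 0;
    while (pos < in.size()) {
        uint32_t cp;
        if (!decode_one(in, pos, strict, cp)) return false;
        out.push_back(cp);
    }
    return true;
}

// True if `in` decodes to exactly one code point equal to `expected`.
bool decodes_to(const std::string& in, bool strict, uint32_t expected) {
    std::vector<uint32_t> cps;
    return decode_all(in, strict, cps) && cps.size() == 1 && cps[0] == expected;
}

// Models the attack: a front end scans the raw bytes for a metacharacter and,
// finding none, hands them to the decoder. Returns true when the decoded text
// contains the metacharacter anyway, i.e. the byte-level filter was bypassed.
bool filter_bypassed(const std::string& raw, char meta, bool strict) {
    if (raw.find(meta) != std::string::npos) return false;   // filter would have caught it
    std::vector<uint32_t> cps;
    if (!decode_all(raw, strict, cps)) return false;          // strict decoder refused the input
    for (uint32_t cp : cps)
        if (cp == static_cast<unsigned char>(meta)) return true;
    return false;
}

int main() {
    // Constructed inputs: C0 AF is an overlong encoding of '/', C0 BC of '<';
    // C3 A9 is the correct two-byte encoding of U+00E9.
    const std::string traversal = "..\xC0\xAF..\xC0\xAF" "secret";
    std::printf("lax decoder, '/' filter bypassed:    %d\n", filter_bypassed(traversal, '/', false));
    std::printf("strict decoder, '/' filter bypassed: %d\n", filter_bypassed(traversal, '/', true));
    std::printf("C0 BC -> '<' under lax decoding:     %d\n", decodes_to("\xC0\xBC", false, 0x3C));
    std::printf("C3 A9 -> U+00E9 under strict:        %d\n", decodes_to("\xC3\xA9", true, 0xE9));
    return 0;
}
```

The fix is the single `cp < min_cp` comparison: every sequence length has a lowest code point it is allowed to encode, and anything below that is by definition an overlong form. Rejecting it in the decoder is what makes a byte-level metacharacter filter and the decoded text agree.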
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qt | Qt | 3.3.8, 4.2.3 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
- http://fedoranews.org/updates/FEDORA-2007-703.shtml
- http://rhn.redhat.com/errata/RHSA-2011-1324.html
- http://secunia.com/advisories/24699
- http://secunia.com/advisories/24705
- http://secunia.com/advisories/24726
- http://secunia.com/advisories/24727
- http://secunia.com/advisories/24759
- http://secunia.com/advisories/24797
- http://secunia.com/advisories/24847
- http://secunia.com/advisories/24889
- http://secunia.com/advisories/25263
- http://secunia.com/advisories/26804
- http://secunia.com/advisories/26857
- http://secunia.com/advisories/27108
FAQ
What is CVE-2007-0242?
CVE-2007-0242 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject overlong UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via overlong sequences that decode to dangerous metacharacters.
How severe is CVE-2007-0242?
CVE-2007-0242 has been rated MEDIUM with a CVSS base score of 4.3/10. Its impact is the XSS and directory traversal named in the description, in applications that decode untrusted input with the affected Qt versions and rely on byte-level filtering of metacharacters.
Is there a patch for CVE-2007-0242?
The vendor advisories in the references section (SGI, Fedora and Red Hat errata) carry the patch information for their Qt packages. Affected products are Qt 3.3.8 and 4.2.3.