
SANS ISC: KDE kjs encodeuri/decodeuri heap overflow vulnerability SANS ISC InfoSec Forums

KDE kjs encodeuri/decodeuri heap overflow vulnerability
There is a vulnerability in the KDE kjs JavaScript interpreter engine that can be exploited to cause a DoS or to execute arbitrary code on a vulnerable system.

The JavaScript interpreter engine used by Konqueror and other parts of KDE contains a heap overflow which can be triggered when decoding specially crafted UTF-8 encoded URI sequences. A vulnerable system can be compromised by malicious JavaScript code (e.g. on a malicious website) that is run by the affected JavaScript interpreter engine.
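As an added illustration (not KDE's code, and not a reproduction of the kjs flaw, whose details this diary does not give), here is a byte-oriented percent-escape decoder for UTF-8 in C that validates every sequence and checks output space before writing. The function names and return codes are assumptions made for this example.

```c
#include <stddef.h>

/* Value of hex digit c, or -1 if c is not a hex digit. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;  /* fold ASCII case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Byte encoded by the "%XX" escape at s, or -1 (never reads past a NUL). */
static int read_escape(const char *s) {
    int hi, lo;
    if (s[0] != '%' || (hi = hexval((unsigned char)s[1])) < 0) return -1;
    if ((lo = hexval((unsigned char)s[2])) < 0) return -1;
    return hi * 16 + lo;
}

/* Decode percent-escaped UTF-8 from NUL-terminated in into out[cap].
 * Returns 0 and sets *len on success, -1 if malformed, -2 if out is too small. */
int uri_decode_utf8(const char *in, unsigned char *out, size_t cap, size_t *len) {
    size_t n = 0;
    while (*in) {
        if (*in != '%') {                 /* unescaped byte, copied as-is */
            if (n >= cap) return -2;
            out[n++] = (unsigned char)*in++;
            continue;
        }
        int b = read_escape(in);
        if (b < 0) return -1;
        /* Length from the lead byte; 0 = stray continuation, C0/C1, or > F4. */
        int need = b < 0x80 ? 1 : (b >= 0xC2 && b <= 0xDF) ? 2
                 : (b >= 0xE0 && b <= 0xEF) ? 3
                 : (b >= 0xF0 && b <= 0xF4) ? 4 : 0;
        if (need == 0) return -1;
        if ((size_t)need > cap - n) return -2;  /* room for whole sequence */
        out[n++] = (unsigned char)b;
        in += 3;
        for (int i = 1; i < need; i++, in += 3) {
            int c = read_escape(in);
            if (c < 0 || (c & 0xC0) != 0x80) return -1;
            /* Second-byte limits: no overlongs, surrogates or > U+10FFFF. */
            if (i == 1 && ((b == 0xE0 && c < 0xA0) || (b == 0xED && c > 0x9F) ||
                           (b == 0xF0 && c < 0x90) || (b == 0xF4 && c > 0x8F)))
                return -1;
            out[n++] = (unsigned char)c;
        }
    }
    *len = n;
    return 0;
}
```

On a non-zero return the contents of `out` are unspecified and `*len` is left unchanged, so callers should discard the buffer.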

Details can be found at:
Koon Yaw

Jan 21st 2006
