KDE kjs encodeuri/decodeuri heap overflow vulnerability

Published: 2006-01-21
Last Updated: 2006-01-21 20:07:13 UTC
by Koon Yaw Tan (Version: 1)
0 comment(s)
There is a vulnerability in KDE kjs JavaScript interpreter engine which can be exploited to cause a DoS or arbitrary code to be executed on a vulnerable system.

The JavaScript interpreter engine used by Konqueror and other parts of KDE contain a heap overflow which can be triggered when decoding specially crafted UTF-8 encoded URI sequences. Vulnerable system can be compromised by malicious javascript code (e.g. on a malicious website) using affected JavaScript interpreter engine.

Details can be found at:
http://secunia.com/advisories/18500/
http://www.kde.org/info/security/advisory-20060119-1.txt
Keywords:
0 comment(s)

Comments


Diary Archives