First published: Tue Apr 03 2007(Updated: )
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Qt | =3.3.8 | |
Qt | =4.2.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2007-0242 is classified as a medium severity vulnerability.
To fix CVE-2007-0242, upgrade to a later version of Qt that addresses the vulnerability.
CVE-2007-0242 can allow remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks.
CVE-2007-0242 affects Qt versions 3.3.8 and 4.2.3.
CVE-2007-0242 can lead to vulnerabilities in applications relying on the affected versions of Qt, potentially allowing execution of harmful scripts.