Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: KDE kjs encodeuri/decodeuri heap overflow vulnerability - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
KDE kjs encodeuri/decodeuri heap overflow vulnerability
There is a vulnerability in KDE kjs JavaScript interpreter engine which can be exploited to cause a DoS or arbitrary code to be executed on a vulnerable system.

The JavaScript interpreter engine used by Konqueror and other parts of KDE contain a heap overflow which can be triggered when decoding specially crafted UTF-8 encoded URI sequences. Vulnerable system can be compromised by malicious javascript code (e.g. on a malicious website) using affected JavaScript interpreter engine.

Details can be found at:
http://secunia.com/advisories/18500/
http://www.kde.org/info/security/advisory-20060119-1.txt
Koon Yaw

68 Posts

Sign Up for Free or Log In to start participating in the conversation!