[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96078

 
 

909

 
 

78009

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

USN-857-1 -- qt4-x11 vulnerabilities

ID: oval:org.secpod.oval:def:700437Date: (C)2011-05-13   (M)2017-10-04
Class: PATCHFamily: unix




It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the QtWebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that QtWebKit did not properly handle certain XSL stylesheets. If a user were tricked into viewing a malicious website, an attacker could exploit this to read arbitrary local files, and possibly files from different security zones. It was discovered that QtWebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program

Platform:
Ubuntu 8.10
Ubuntu 9.04
Product:
qt4-x11
Reference:
USN-857-1
CVE-2009-0945
CVE-2009-1687
CVE-2009-1690
CVE-2009-1698
CVE-2009-1699
CVE-2009-1711
CVE-2009-1712
CVE-2009-1713
CVE-2009-1725
CVE    9
CVE-2009-1713
CVE-2009-1712
CVE-2009-1711
CVE-2009-0945
...
CPE    94
cpe:/a:apple:safari:4.0:beta
cpe:/a:apple:safari:1.3.0
cpe:/a:apple:safari:1.3.1
cpe:/a:apple:safari:1.3.2
...

© 2013 SecPod Technologies