[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

USN-857-1 -- qt4-x11 vulnerabilities

ID: oval:org.secpod.oval:def:700437Date: (C)2011-05-13   (M)2024-02-15
Class: PATCHFamily: unix




It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the QtWebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that QtWebKit did not properly handle certain XSL stylesheets. If a user were tricked into viewing a malicious website, an attacker could exploit this to read arbitrary local files, and possibly files from different security zones. It was discovered that QtWebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program

Platform:
Ubuntu 8.10
Ubuntu 9.04
Product:
qt4-x11
Reference:
USN-857-1
CVE-2009-0945
CVE-2009-1687
CVE-2009-1690
CVE-2009-1698
CVE-2009-1699
CVE-2009-1711
CVE-2009-1712
CVE-2009-1713
CVE-2009-1725
CVE    9
CVE-2009-0945
CVE-2009-1725
CVE-2009-1687
CVE-2009-1698
...
CPE    2
cpe:/o:ubuntu:ubuntu_linux:8.10
cpe:/o:ubuntu:ubuntu_linux:9.04

© SecPod Technologies