[UCI-Linux] KDE kjs (javascript interpreter) exploit

Mike Iglesias iglesias at draco.acs.uci.edu
Sat Jan 21 17:18:12 PST 2006


Those of you running KDE should upgrade ASAP...


From http://isc.sans.org/


KDE kjs encodeuri/decodeuri heap overflow vulnerability (NEW)
Published: 2006-01-21
Last Updated: 2006-01-21 20:07:13 UTC by Koon Tan (Version: 1)

There is a vulnerability in the KDE kjs JavaScript interpreter engine which
can be exploited to cause a DoS or arbitrary code to be executed on a
vulnerable system.

The JavaScript interpreter engine used by Konqueror and other parts of
KDE contains a heap overflow which can be triggered when decoding
specially crafted UTF-8 encoded URI sequences. A vulnerable system can be
compromised by malicious JavaScript code (e.g. on a malicious website)
using the affected JavaScript interpreter engine.

Details can be found at:
http://secunia.com/advisories/18500/
http://www.kde.org/info/security/advisory-20060119-1.txt

