Vulnerability Report

CVE-2007-0242

Title: Qt Path Traversal / LFI

Path Traversal / LFI

Proof Of Concept

No public PoC currently indexed for CVE-2007-0242.

CWE Category NVD-CWE-noinfo

Published Date Apr 03, 2007

Modified Date Apr 09, 2025

Exploit Status Not Found

Score 4.3 CVSS v2.0

Exploit Probability (EPSS)

2.17%

Vulnerability Summary

CVE-2007-0242: The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.

Impacted Vendors

trolltech 1

qt 1

Reference Links

ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc http://fedoranews.org/updates/FEDORA-2007-703.shtml http://rhn.redhat.com/errata/RHSA-2011-1324.html http://secunia.com/advisories/24699 http://secunia.com/advisories/24705 http://secunia.com/advisories/24726 http://secunia.com/advisories/24727 http://secunia.com/advisories/24759 http://secunia.com/advisories/24797 http://secunia.com/advisories/24847 http://secunia.com/advisories/24889 http://secunia.com/advisories/25263 http://secunia.com/advisories/26804 http://secunia.com/advisories/26857 http://secunia.com/advisories/27108 http://secunia.com/advisories/27275 http://secunia.com/advisories/46117 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591 http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html http://www.debian.org/security/2007/dsa-1292 http://www.mandriva.com/security/advisories?name=MDKSA-2007:074 http://www.mandriva.com/security/advisories?name=MDKSA-2007:075 http://www.mandriva.com/security/advisories?name=MDKSA-2007:076 http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html http://www.novell.com/linux/security/advisories/2007_6_sr.html http://www.redhat.com/support/errata/RHSA-2007-0883.html http://www.redhat.com/support/errata/RHSA-2007-0909.html http://www.securityfocus.com/bid/23269 http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350 http://www.ubuntu.com/usn/usn-452-1 http://www.vupen.com/english/advisories/2007/1212 https://exchange.xforce.ibmcloud.com/vulnerabilities/33397 https://issues.rpath.com/browse/RPL-1202 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510 ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc http://fedoranews.org/updates/FEDORA-2007-703.shtml http://rhn.redhat.com/errata/RHSA-2011-1324.html http://secunia.com/advisories/24699 http://secunia.com/advisories/24705 http://secunia.com/advisories/24726 http://secunia.com/advisories/24727 http://secunia.com/advisories/24759 http://secunia.com/advisories/24797 http://secunia.com/advisories/24847 http://secunia.com/advisories/24889 http://secunia.com/advisories/25263 http://secunia.com/advisories/26804 http://secunia.com/advisories/26857 http://secunia.com/advisories/27108 http://secunia.com/advisories/27275 http://secunia.com/advisories/46117 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591 http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html http://www.debian.org/security/2007/dsa-1292 http://www.mandriva.com/security/advisories?name=MDKSA-2007:074 http://www.mandriva.com/security/advisories?name=MDKSA-2007:075 http://www.mandriva.com/security/advisories?name=MDKSA-2007:076 http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html http://www.novell.com/linux/security/advisories/2007_6_sr.html http://www.redhat.com/support/errata/RHSA-2007-0883.html http://www.redhat.com/support/errata/RHSA-2007-0909.html http://www.securityfocus.com/bid/23269 http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350 http://www.ubuntu.com/usn/usn-452-1 http://www.vupen.com/english/advisories/2007/1212 https://exchange.xforce.ibmcloud.com/vulnerabilities/33397 https://issues.rpath.com/browse/RPL-1202 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

4.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:N/I:P/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2007-0242 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 09, 2025 MODIFIED

Vulnerability data or affected products updated.

April 03, 2007 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected Stack

No specific products linked.