PT-2009-1068 · Icu+1 · International Components For Unicode+1

Vincent Danen

Publicado

2009-05-13

Atualizado

2017-09-29

CVE-2009-0153

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions International Components for Unicode (ICU) versions 3.6 and other 3.x versions ICU version 4.0

Description The issue is related to the improper handling of invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. This could lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out remotely.

Recommendations For ICU versions 3.6 and other 3.x versions, update to a version that properly handles Unicode conversion to prevent cross-site scripting (XSS) attacks. For ICU version 4.0, update to a version that properly handles Unicode conversion to prevent cross-site scripting (XSS) attacks.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2015-07264

BDU:2015-07338

BDU:2015-07340

BDU:2015-07342

BDU:2015-08482

BDU:2015-08483

BDU:2015-08484

BDU:2015-08485

CVE-2009-0153

DSA-1889-1

RHSA-2009:1122

RHSA-2009_1122

Produtos afetados

International Components For Unicode

Red Hat

PT-2009-1068 · Icu+1 · International Components For Unicode+1

CVE-2009-0153

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 40