CVE-2002-2409

Name of the Vulnerable Software and Affected Versions QNX Neutrino realtime operating system (RTOS) versions 6.1.0 through 6.2.0

Description The issue allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID. This is related to the Photon microGUI component.

Recommendations For QNX Neutrino realtime operating system (RTOS) versions 6.1.0 through 6.2.0, consider restricting access to the directory containing the 1.TEXT file to prevent unauthorized reading of user clipboard information. As a temporary workaround, restrict access to the 1.TEXT file until a patch is available.