PT-2009-1068 · Icu+1 · International Components For Unicode+1

Vincent Danen

Published

2009-05-13

Updated

2017-09-29

CVE-2009-0153

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions International Components for Unicode (ICU) versions 3.6 and other 3.x versions ICU version 4.0

Description The issue is related to the improper handling of invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. This could lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out remotely.

Recommendations For ICU versions 3.6 and other 3.x versions, update to a version that properly handles Unicode conversion to prevent cross-site scripting (XSS) attacks. For ICU version 4.0, update to a version that properly handles Unicode conversion to prevent cross-site scripting (XSS) attacks.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2015-07264

BDU:2015-07338

BDU:2015-07340

BDU:2015-07342

BDU:2015-08482

BDU:2015-08483

BDU:2015-08484

BDU:2015-08485

CVE-2009-0153

DSA-1889-1

RHSA-2009:1122

RHSA-2009_1122

Affected Products

International Components For Unicode

Red Hat

PT-2009-1068 · Icu+1 · International Components For Unicode+1

CVE-2009-0153

Weakness Enumeration

Related Identifiers

Affected Products

References · 40