International Components for Unicode Invalid ISO Character Handling Vulnerability

The International Components for Unicode (ICU) is prone to a vulnerability related to the handling of certain invalid character sequences.

An attacker may leverage this vulnerability to bypass content filters. This may lead to cross-site scripting attacks or the disclosure of sensitive information in some cases. Other attacks are also possible.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities), but has been given its own record to better document the vulnerability.

NOTE: This BID was formerly titled 'Apple Mac OS X International Components for Unicode Information Disclosure Vulnerability', but has been updated to better reflect the issue and the underlying vulnerable component.


Privacy Statement
Copyright 2010, SecurityFocus