OSVDB ID: 100239

Title: Google Caja Escaped Letter Sequence Handling Arbitrary Code Execution

Info

Disclosure

Aug 21, 2013

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Nov 21, 2013

Description

Google Caja contains a flaw that is triggered when handling escaped letters such as 'de\u006Cete' as an identifier or a reserved word. This may allow a remote attacker to execute arbitrary code through unspecified means.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

It has been reported that this issue has been fixed. Upgrade to version r5632, or higher, to address this vulnerability.

Products

Google, Inc.

Caja

r5632
r5631

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/100239