QlikView < 11.20 SR1 qvw File Format Parser Integer Overflow

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by a remote
integer overflow vulnerability.

Description :

The installed version of QlikView is prior to 11.2 SR1 (11.20.11718). As
such, it is affected by an integer overflow vulnerability in the '.qvw'
file format parser.

An attacker could exploit this issue by tricking a user into opening a
specially crafted file, resulting in arbitrary code execution.

See also :

http://www.nessus.org/u?170e3559
http://seclists.org/bugtraq/2013/Mar/75
http://www.nessus.org/u?5064c356

Solution :

Upgrade to QlikView 11.20 SR1 (11.20.11718) or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 65811

Bugtraq ID: 58463

CVE ID:
