QlikView < 11.20 SR1 qvw File Format Parser Integer Overflow

High Nessus Plugin ID 65811


The remote Windows host has an application that is affected by a remote integer overflow vulnerability.


The version of QlikView is prior to 11.2 SR1 (11.20.11718). As such, it is affected by an integer overflow vulnerability that exists in the '.qvw' file format parser.

An attacker could exploit this issue by tricking a user into opening a specially crafted file, resulting in arbitrary code execution.


Upgrade to QlikView 11.20 SR1 (11.20.11718) or later.


Plugin Details

Severity: High

ID: 65811

File Name: qlikview_11_20_sr1.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2013/04/04

Modified: 2017/02/08

Dependencies: 65810

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:qlik:qlikview

Required KB Items: SMB/Registry/Enumerated, SMB/qlikview/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/03/06

Vulnerability Publication Date: 2013/03/13

Reference Information

BID: 58463

OSVDB: 91233