Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Windows Vista gadgets code execution
Published:15.08.2007
Source:
SecurityVulns ID:8045
Type:client
Threat Level:
7/10
Description:Code eexcution with "Contacts" and "Weather" gadgets.
Affected:MICROSOFT : Windows Vista
CVE:CVE-2007-3891 (Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes.)
 CVE-2007-3033 (Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.)
 CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported.)
Original documentdocumentIDEFENSE, [Full-disclosure] iDefense Security Advisory 08.14.07: Microsoft Windows Vista Sidebar RSS Feeds Gadget Cross Site Scripting Vulnerability (15.08.2007)
 documentMICROSOF, Microsoft Security Bulletin MS07-048 - Important Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123) (15.08.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod