Информационная безопасность
[RU] switch to English


Выполнение кода через гаджеты Microsoft Windows Vista (code execution)
Опубликовано:15 августа 2007 г.
Источник:
SecurityVulns ID:8045
Тип:клиент
Уровень опасности:
7/10
Описание:Выполнение кода через гаджеты "Контакты" и "Погода".
Затронутые продукты:MICROSOFT : Windows Vista
CVE:CVE-2007-3891 (Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes.)
 CVE-2007-3033 (Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.)
 CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported.)
Оригинальный текстdocumentIDEFENSE, [Full-disclosure] iDefense Security Advisory 08.14.07: Microsoft Windows Vista Sidebar RSS Feeds Gadget Cross Site Scripting Vulnerability (15.08.2007)
 documentMICROSOF, Microsoft Security Bulletin MS07-048 - Important Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123) (15.08.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород