Vulnerability CVE-2007-0706

Vulnerability CVE-2007-0706

Published: 2007-02-03 Modified: 2012-02-12

Description:

Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Fenrir -> Darksky rss bar

References:

http://www.vupen.com/english/advisories/2007/0365

http://www.fenrir.co.jp/press/20070126_2.html

http://jvn.jp/jp/JVN%2393700808/index.html

Copyright 2024, cxsecurity.com