Lucene search

[email protected]CVE-2007-3033

HistoryAug 14, 2007 - 10:17 p.m.

CVE-2007-3033

2007-08-1422:17:00

CWE-79

[email protected]

web.nvd.nist.gov

"cve-2007-3033

windows vista

xss

vulnerability

remote code execution"

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.959 High

EPSS

Percentile

99.4%

JSON

Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.

CPENameOperatorVersion
microsoft:windows_vistamicrosoft windows vistaeq*

CPE	Name	Operator	Version
microsoft:windows_vista	microsoft windows vista	eq	*

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=575

secunia.com/advisories/26439

www.kb.cert.org/vuls/id/558648

www.securityfocus.com/bid/25287

www.securitytracker.com/id?1018566

www.us-cert.gov/cas/techalerts/TA07-226A.html

www.vupen.com/english/advisories/2007/2872

docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-048

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2152

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.959 High

EPSS

Percentile

99.4%

JSON

Related for CVE-2007-3033

seebug1 cert1 checkpoint_advisories2 prion1 securityvulns3 nessus1