Lucene search

[email protected]NVD:CVE-2008-7037

HistoryAug 24, 2009 - 10:30 a.m.

CVE-2008-7037

2009-08-2410:30:01

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response.

Affected configurations

Nvd

Node

itnitn_news_gadgetMatch1.06

AND

microsoftwindows_vista

VendorProductVersionCPE
itnitn_news_gadget1.06cpe:2.3:a:itn:itn_news_gadget:1.06:*:*:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
itn	itn_news_gadget	1.06	cpe:2.3:a:itn:itn_news_gadget:1.06:::::::*
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista::::::::

References

www.mwrinfosecurity.com/publications/mwri_itn-news-gadget-advisory_2008-02-04.pdf

www.securityfocus.com/bid/27725

exchange.xforce.ibmcloud.com/vulnerabilities/43563

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

Related for NVD:CVE-2008-7037

cvelist1 cve1 prion1