3 matches found
[Full-disclosure] iDefense Security Advisory 08.14.07: Microsoft Windows Vista Sidebar RSS Feeds Gadget Cross Site Scripting Vulnerability
Microsoft Windows Vista Sidebar RSS Feeds Gadget Cross Site Scripting Vulnerability iDefense Security Advisory 08.14.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 14, 2007 I. BACKGROUND The Vista sidebar is a desktop extension that allows the user to keep a number of "gadgets",...
CVE-2007-3033
Cross-site scripting (XSS) vulnerability in the Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zo...
CVE-2007-3033
CVE-2007-3033 is a remote code execution/XSS vulnerability in the Windows Vista Feed Headlines Gadget (RSS Feeds Gadget). The issue arises from insufficient validation when parsing RSS feed HTML attributes; specially crafted HTML attributes in RSS items can be rendered in the local zone, enabling...