Family: Windows --> Category: infos
FeedDemon < 2.0.0.25 Active Script Code Execution Vulnerability Vulnerability Scan
Vulnerability Scan Summary: Checks version of FeedDemon
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote Windows application may allow execution of arbitrary Active
Script code.
Description :
FeedDemon, an RSS reader for Windows, is installed on the remote host.
According to the Windows registry, the installed version of FeedDemon
fails to sanitize RSS feeds of Active Script code. An attacker may be
able to exploit this issue to inject arbitrary script into the
affected application, which could lead to various cross-site scripting
attacks.
See also :
http://nick.typepad.com/blog/2006/08/feed_security_a_1.html
http://nick.typepad.com/blog/2006/08/ann_feeddemon_2.html
Solution :
Upgrade to FeedDemon 2.0.0.25 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)