Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
http://secunia.com/advisories/26439 | patch, vendor advisory, third party advisory |
http://www.us-cert.gov/cas/techalerts/TA07-226A.html | third party advisory, us government resource |
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=575 | third party advisory |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2152 | signature, vdb entry |
http://www.vupen.com/english/advisories/2007/2872 | vdb entry, vendor advisory |
http://www.securitytracker.com/id?1018566 | vdb entry |
http://www.kb.cert.org/vuls/id/558648 | third party advisory, us government resource |
http://www.securityfocus.com/bid/25287 | patch, vdb entry |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-048 | vendor advisory |