Vulnerability Details CVE-2005-3892
Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0658.html
- http://marc.info/?l=bugtraq&m=113261573023912&w=2
- http://secunia.com/advisories/17597/
- http://www.osvdb.org/21020
- http://www.securityfocus.com/bid/15520/
- http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0658.html
- http://marc.info/?l=bugtraq&m=113261573023912&w=2
- http://secunia.com/advisories/17597/
- http://www.osvdb.org/21020
- http://www.securityfocus.com/bid/15520/
Products affected by CVE-2005-3892
-
cpe:2.3:a:gadu-gadu:gadu-gadu_instant_messenger:7.20