Vulnerability Details CVE-2007-3033
Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.423
EPSS Ranking 97.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=575
- http://secunia.com/advisories/26439
- http://www.kb.cert.org/vuls/id/558648
- http://www.securityfocus.com/bid/25287
- http://www.securitytracker.com/id?1018566
- http://www.us-cert.gov/cas/techalerts/TA07-226A.html
- http://www.vupen.com/english/advisories/2007/2872
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-048
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2152
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=575
- http://secunia.com/advisories/26439
- http://www.kb.cert.org/vuls/id/558648
- http://www.securityfocus.com/bid/25287
- http://www.securitytracker.com/id?1018566
- http://www.us-cert.gov/cas/techalerts/TA07-226A.html
- http://www.vupen.com/english/advisories/2007/2872
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-048
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2152
Products affected by CVE-2007-3033
-
cpe:2.3:o:microsoft:windows_vista:-