Vulnerability Description
Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Vista | All versions |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=575
- http://secunia.com/advisories/26439PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/558648US Government Resource
- http://www.securityfocus.com/bid/25287Patch
- http://www.securitytracker.com/id?1018566
- http://www.us-cert.gov/cas/techalerts/TA07-226A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/2872Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-04
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=575
- http://secunia.com/advisories/26439PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/558648US Government Resource
- http://www.securityfocus.com/bid/25287Patch
- http://www.securitytracker.com/id?1018566
- http://www.us-cert.gov/cas/techalerts/TA07-226A.htmlUS Government Resource
FAQ
What is CVE-2007-3033?
CVE-2007-3033 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an R...
How severe is CVE-2007-3033?
CVE-2007-3033 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3033?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Vista.