Vulnerability Description
The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Itn | Itn News Gadget | 1.06 |
| Microsoft | Windows Vista | All versions |
Related Weaknesses (CWE)
References
- http://www.mwrinfosecurity.com/publications/mwri_itn-news-gadget-advisory_2008-0
- http://www.securityfocus.com/bid/27725
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43563
- http://www.mwrinfosecurity.com/publications/mwri_itn-news-gadget-advisory_2008-0
- http://www.securityfocus.com/bid/27725
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43563
FAQ
What is CVE-2008-7037?
CVE-2008-7037 is a vulnerability with a CVSS score of 7.5 (HIGH). The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrar...
How severe is CVE-2008-7037?
CVE-2008-7037 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-7037?
Check the references section above for vendor advisories and patch information. Affected products include: Itn Itn News Gadget, Microsoft Windows Vista.