Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123) |
Informations | |||
---|---|---|---|
Name | MS07-048 | First vendor Publication | 2007-08-14 |
Vendor | Microsoft | Last vendor Modification | 2007-08-14 |
Severity (Vendor) | Important | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
This important security update resolves two privately reported vulnerabilities in addition to other vulnerabilities identified during the course of the investigation. These vulnerabilities could allow an anonymous remote attacker to run code with the priv |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/ms07-048.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:2071 | |||
Oval ID: | oval:org.mitre.oval:def:2071 | ||
Title: | Vulnerability in Weather Gadget. | ||
Description: | |||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3891 | Version: | 5 |
Platform(s): | Microsoft Windows Vista | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:2115 | |||
Oval ID: | oval:org.mitre.oval:def:2115 | ||
Title: | Vulnerability in Contacts Gadget. | ||
Description: | |||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3032 | Version: | 5 |
Platform(s): | Microsoft Windows Vista | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:2152 | |||
Oval ID: | oval:org.mitre.oval:def:2152 | ||
Title: | Vulnerability in Feed Headline Gadget. | ||
Description: | |||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3033 | Version: | 5 |
Platform(s): | Microsoft Windows Vista | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36393 | Microsoft Windows Vista Weather Gadgets Crafted HTML Attribute Unspecified Issue |
36392 | Microsoft Windows Vista Contacts Gadget Crafted Contact Information Arbitrary... |
36391 | Microsoft Windows Vista Feed Headlines Gadgets RSS Feed XSS |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2007-08-16 | IAVM : 2007-T-0032 - Windows Vista Gadgets Remote Code Execution Vulnerabilities Severity : Category II - VMSKEY : V0014837 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-29 | Microsoft Windows Vista contacts gadget code execution attempt RuleID : 43732 - Revision : 1 - Type : OS-WINDOWS |
2017-08-29 | Microsoft Windows Vista contacts gadget code execution attempt RuleID : 43731 - Revision : 1 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows Vista feed headlines cross-site scripting attack attempt RuleID : 19174 - Revision : 15 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows Vista Feed Headlines Gagdet code execution attempt RuleID : 15946 - Revision : 13 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-08-16 | Name : Arbitrary code can be executed on the remote host through Desktop Gadgets. File : smb_nt_ms07-048.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-04-26 17:59:54 |
|
2014-02-17 11:45:45 |
|
2014-01-19 21:30:07 |
|
2013-11-11 12:41:06 |
|
2013-05-11 12:22:03 |
|