FeedDemon < 2.0.0.25 Atom Feed Active Script Code Execution

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows application may allow execution of arbitrary Active
Script code.

Description :

According to the Windows registry, the version of FeedDemon, an RSS
reader for Windows, installed on the remote host is affected by a flaw
caused by improper sanitization of Active Script code in RSS feeds. An
attacker can exploit this issue to inject arbitrary script into the
affected application, which can lead to various cross-site scripting
attacks.

See also :

http://nick.typepad.com/blog/2006/08/feed_security_a_1.html
http://nick.typepad.com/blog/2006/08/ann_feeddemon_2.html

Solution :

Upgrade to FeedDemon version 2.0.0.25 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:U/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 22414 (feeddemon_20025.nasl)

Bugtraq ID: 20114

CVE ID: CVE-2006-4710
