CVE-2008-7037 Information

Description

The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista and possibly other versions before 1.23 allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response.

Reference

http://www.mwrinfosecurity.com/publications/mwri_itn-news-gadget-advisory_2008-02-04.pdf http://www.securityfocus.com/bid/27725 https://exchange.xforce.ibmcloud.com/vulnerabilities/43563