National Rail Live Enquiries Departure Board Gadget Vulnerability
- Published: 24 Apr 2008
The National Rail Live Departure Board gadget has been identified as being vulnerable to a script injection attack that could potentially allow remote attackers to execute commands on the target system. An attacker successfully exploiting this vulnerability could execute arbitrary commands in the context of the currently logged-in user.
The National Rail Live Departure Board Sidebar gadget vulnerability is present because of a lack of sufficient sanitisation on arguments passed from the web server to the Sidebar gadget application.
The vendor has addressed this vulnerability and implemented a fix in version 1.1. This version has yet to be tested.
The National Rail Live Enquiries Departure Board Gadget upgrade can be found at the following location: http://gallery.live.com/LiveItemDetail.aspx?li=aef90e44-18cf-4246-b1d9-4ab83e0e13db
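The class of flaw described above (server-supplied values reaching the gadget's markup without sanitisation), shown as an added example that is not the gadget's or the vendor's code. The feed shape and the field names `time`, `destination`, `platform` and `status` are assumptions, since the advisory does not describe the data format; the example contrasts direct concatenation with allow-list validation plus output encoding.

```javascript
"use strict";
// Added example: field names and feed shape are assumptions, not the gadget's real format.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow-list validation: reject any record whose fields do not match the expected shape.
function validateDeparture(rec) {
  if (rec === null || typeof rec !== "object") return null;
  const { time, destination, platform, status } = rec;
  if (typeof time !== "string" || !/^([01]\d|2[0-3]):[0-5]\d$/.test(time)) return null;
  if (typeof destination !== "string" || destination.length === 0 || destination.length > 60) return null;
  if (typeof platform !== "string" || !/^[0-9A-Za-z]{0,4}$/.test(platform)) return null;
  if (typeof status !== "string" || status.length > 40) return null;
  return { time, destination, platform, status };
}

// Vulnerable pattern: server-supplied strings concatenated straight into markup.
function renderRowUnsafe(rec) {
  return "<tr><td>" + rec.time + "</td><td>" + rec.destination + "</td><td>" +
         rec.platform + "</td><td>" + rec.status + "</td></tr>";
}

// Hardened pattern: validate first, then encode each field on output.
function renderRowSafe(rec) {
  const ok = validateDeparture(rec);
  if (!ok) return ""; // drop malformed records instead of displaying them
  return "<tr>" + [ok.time, ok.destination, ok.platform, ok.status]
    .map((f) => "<td>" + escapeHtml(f) + "</td>").join("") + "</tr>";
}

// Constructed sample feed: a normal record, one with markup in a text field,
// and one with a malformed time.
const SAMPLE_FEED = [
  { time: "09:15", destination: "London Paddington", platform: "4", status: "On time" },
  { time: "09:22", destination: "<script>marker()</script>", platform: "2", status: "Delayed" },
  { time: "9:99", destination: "Reading", platform: "1", status: "On time" },
];

// Build the whole board with the chosen row renderer.
function renderBoard(feed, rowFn) {
  return "<table>" + feed.map((rec) => rowFn(rec)).join("") + "</table>";
}
```

In a real gadget the safe renderer's output would still be preferable to assign through text nodes rather than `innerHTML`, so that encoding mistakes cannot reintroduce markup.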