Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1186

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2005-1186
Last Modified 05 Sep 2008 04:48:28
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-1186

Summary

Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com domain to the Trusted Sites zone in Internet Explorer, which allows systems in the domain to conduct unauthorized activities, as demonstrated using cross-site scripting (XSS) attacks.

Vulnerable Systems

Application

  • Musicmatch Jukebox 10.00.2047


References

MISC - http://www.hyperdose.com/advisories/H2005-04.txt

SECTRACK - 1013718

BUGTRAQ - 20050414 Trusted Site Cross Site Scripting Elevation of Privilege in Musicmatch

XF - jukebox-mmfwlaunch-gain-privileges(20129)


Last Updated: 27 May 2016 10:40:04