CVE-2008-7037

ITN News Gadget < 1.23 - Remote Code Execution via Short Title Response

Title source: llm
STIX 2.1

Description

The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43563
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27725

Scores

EPSS 0.0145
EPSS Percentile 70.3%

Details

CWE
CWE-20
Status published
Products (1)
itn/itn_news_gadget 1.06
Published Aug 24, 2009
Tracked Since Feb 18, 2026