CVE-2007-3033

Name of the Vulnerable Software and Affected Versions: Windows Vista Feed Headlines Gadget (affected versions not specified)

Description: A cross-site scripting (XSS) issue allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes. This is due to the gadget not properly removing these attributes, which are then rendered in the local zone. The issue could also enable a remote anonymous attacker to run code with the privileges of the logged on user.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.