CVE-2007-4960

Name of the Vulnerable Software and Affected Versions Linden Lab Second Life (affected versions not specified)

Description The issue allows remote attackers to obtain sensitive information by exploiting an argument injection vulnerability in the secondlife:// protocol handler. This is achieved by using a " " (double-quote space) sequence followed by the -autologin and -loginuri arguments, causing the handler to post login credentials and software installation details to an arbitrary URL, such as "/api/v1/login" or "/users/{id}". The username and password variables are vulnerable to injection. The checkPassword() function may be involved in the exploitation process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.