Sleipnir Bar RSS Feature Unspecified Security Bypass Vulnerability

Bugtraq ID:	22253
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 26 2007 12:00AM
Updated:	Jan 29 2007 04:08PM
Credit:	Yousuke Hasegawa is credited with the discovery of this issue.
Vulnerable:	Fenrir & Co. Sleipnir RSS BAR 1.28 Fenrir & Co. Sleipnir 2.49 Fenrir & Co. Portable Sleipnir 2.45 Fenrir & Co. Darksky RSS Bar 1.28
Not Vulnerable:	Fenrir & Co. Darksky RSS Bar 1.29

Sleipnir Bar RSS Feature Unspecified Security Bypass Vulnerability

Sleipnir Bar is prone to a security-bypass vulnerability.

Successful exploits will allow remote attackers to execute script code within inadequate security zones in the context of a victim's browser. This may lead to other attacks.

This issue affects the following:

Sleipnir 2.49 and prior
Portable Sleipnir 2.45 and prior
RSS bar for Sleipnir 1.28 Release3 and prior.

Sleipnir Bar RSS Feature Unspecified Security Bypass Vulnerability

Attackers may exploit this issue by enticing victims into viewing a maliciously crafted RSS document.

Sleipnir Bar RSS Feature Unspecified Security Bypass Vulnerability

Solution:
The vendor has released updates to address this issue. Please see the references for more information.

Sleipnir Bar RSS Feature Unspecified Security Bypass Vulnerability

References:

• Fenrir & Co. Homepage (Fenrir & Co.)