SPI Dynamics WebInspect Cross Application Script Injection Vulnerability

WebInspect is vulnerable to a cross-application script injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied data prior to including it in content rendered in an Internet Explorer COM object.

This vulnerability allows attackers to execute arbitrary script code in the context of the vulnerable application. By exploiting the knowledge of predictable files on the targeted system, attackers may also cause arbitrary script code to be executed in the "Local Machine" zone, facilitating remote machine code installation and execution.


Privacy Statement
Copyright 2010, SecurityFocus