Summary
This host has Lunascape Browser installed and is prone to an address bar spoofing vulnerability.
Impact
Successful exploitation lets attackers spoof parts of the address bar and modify page content on a host that a user may consider partly trusted.
Impact Level: Application
Solution
No solution or patch was made available for at least one year after disclosure of this vulnerability. It is likely that none will be provided.
General solution options are to upgrade to a newer release, disable the respective features, remove the product, or replace the product with another one.
Insight
The address bar can be spoofed via 'window.open()' with a relative URI, so that it shows an arbitrary URL on the web site visited by the victim. This was demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
Affected
Lunascape versions 5.1.3 and 5.1.4 on Windows.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-3005
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N