CVE-2007-4960 - Cryptographic Issues vulnerability in Linden LAB Second Life 1
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation: An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
References
- http://secunia.com/advisories/26845
- http://www.gnucitizen.org/blog/ie-pwns-secondlife
- http://www.securityfocus.com/archive/1/479698/100/0/threaded
- http://www.vupen.com/english/advisories/2007/3188
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36651