RSS Security Issues Discovered in ICQ
"Security problems found in the ICQ Toolbar v1.3 may allow attackers to control and change configuration settings and to inject scripting code in RSS feed contents and execute it in the contetxt of the feed interface (IE's Local Zone)"
I released a paper and gave a presentation at blackhat this year about these sorts of risk sand fully expect a flood of advisories in major products such as this.
My Blackhat Presentation Link: Zero Day Subscriptions: Using RSS and Atom Feeds As Attack Delivery Systems (Power Point)
Advisory Link: http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510
RSS Security Issues Repository Link: RSS Security
Comments
You can follow this conversation by subscribing to the comment feed for this post.
All Comments are Moderated and will be delayed!
Post a comment