NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability


NewsGlue and Ikinari Jijyoutsuu are RSS readers. An arbitrary script embedded in RSS feeds could be executed in either of the RSS readers, as they fail to handle the output of RSS information properly.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.4 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products

Glue Software Corporation
  • NewsGlue 1.3.3 and earlier
  • IKINARI JIJYOU version 1.0.0 and 1.0.1


An arbitrary script could be executed in NewsGlue or Ikinari Jijyoutsuu. Arbitrary files on client PCs could be accessed by an attacker.

Vendor Information

Glue Software Corporation SOURCENEXT CORPORATION
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2007-1610
  2. CVE-2007-1611

  1. JVN : JVN#64227086
  2. National Vulnerability Database (NVD) : CVE-2007-1610
  3. National Vulnerability Database (NVD) : CVE-2007-1611
  4. Secunia Advisory : SA24603
  5. SecurityFocus : 23094
  6. ISS X-Force Database : 33166
  7. FrSIRT Advisories : FrSIRT/ADV-2007-1074
Revision History

  • [2008/05/21]
      Web page published