Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Second Life URI处理器敏感信息泄露漏洞
Vulnerability Description
Second Life是一种基于网络的虚拟现实游戏。 Second Life安装的URI处理器实现机制上存在漏洞,远程攻击者可能利用此漏洞通过诱使用户访问恶意网页获取用户的敏感信息。SecondLife注册的secondlife:// URI处理器允许网站指定任意参数调用它,比如用于认证的"-autologin"和"-loginuri"参数,这样如果用户访问了带有恶意命令的网页,客户端会向发生命令的网页发送登录凭证及安装软件。
CVSS Information
N/A
Vulnerability Type
N/A