CVE-2007-3486
Description
Cross-site scripting in AltaVista local search engine via the text parameter enables remote attackers to inject arbitrary script.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A reflected cross-site scripting (XSS) vulnerability exists in the AltaVista local search engine, which is deployed on many third-party websites (e.g., av.rbc.ru). The flaw resides in the text parameter of the search engine's main script. An attacker can embed arbitrary HTML or JavaScript in a crafted URL. This affects versions of the AltaVista local engine used before the vulnerability was addressed, with the issue reported on 2006-08-31 [1].
Exploitation
An attacker needs only network access to a site running the vulnerable AltaVista local search engine. No authentication or special privileges are required. The attacker crafts a URL such as http://site/?text= and entices a user to click it. The injected script executes in the victim's browser within the context of the vulnerable site [1].
Impact
Successful exploitation allows the attacker to execute arbitrary script in the victim's browser, potentially leading to cookie theft, session hijacking, defacement, or redirection to malicious sites. The attack affects the client-side security of the user and can compromise any data accessible through the browser session on the vulnerable website [1].
Mitigation
Website administrators using AltaVista's local search engine must sanitize or encode user input in the text parameter to prevent script injection. The reference notes that the site av.rbc.ru applied a fix with considerable delay after notification [1]. No official patch or advisory from AltaVista or Yahoo! (the parent company) is documented in the available reference, leaving individual site operators responsible for mitigation. Code reviews and output encoding are recommended.
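The output encoding recommended above, shown as an added example (not AltaVista's code and not taken from the cited reference): a search page that reflects the text parameter verbatim, next to a version that encodes it for each output context. The function names, the page markup, the 200-character limit and the probe value are assumptions made for illustration.

```python
# Added illustration; not AltaVista code. All names here are hypothetical.
from html import escape
from urllib.parse import parse_qs, quote, urlsplit

MAX_QUERY_LEN = 200  # assumed upper bound for a search box value


def get_text_param(url: str) -> str:
    """Extract the 'text' query parameter and bound its length."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("text", [""])[0][:MAX_QUERY_LEN]


def render_unsafe(text: str) -> str:
    """The flawed pattern: the parameter is reflected verbatim."""
    return (
        '<form><input name="text" value="' + text + '"></form>\n'
        "<p>Results for: " + text + "</p>"
    )


def render_encoded(text: str) -> str:
    """Encode the value for every output context it lands in."""
    html_text = escape(text, quote=True)  # element body and quoted attribute
    url_text = quote(text, safe="")       # query-string component of a link
    return (
        '<form><input name="text" value="' + html_text + '"></form>\n'
        "<p>Results for: " + html_text + "</p>\n"
        '<a href="/?text=' + url_text + '">Permalink</a>'
    )


# Constructed probe: inert markup that only shows whether tags survive.
PROBE_URL = "http://site/?text=%22%3E%3Cb%3Eprobe%3C%2Fb%3E"

if __name__ == "__main__":
    text = get_text_param(PROBE_URL)
    print(render_unsafe(text))   # markup from the URL reaches the page intact
    print(render_encoded(text))  # same input rendered as literal text
```

A regression test that requests the search page with such a probe and fails if the raw markup comes back unencoded lets a site operator confirm the fix stays in place.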
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:altavista:search_engine:*:*:*:*:*:*:*:*
- (no CPE)
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.