Unrated severityNVD Advisory· Published Sep 18, 2007· Updated Apr 23, 2026

CVE-2007-4960

Description

Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a '" ' (double-quote space) sequence followed by the -autologin and -loginuri arguments, which cause the handler to post login credentials and software installation details to an arbitrary URL.

Affected products

Linden Lab/Second Life
cpe:2.3:a:linden_lab:second_life:1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/26845nvdVendor Advisory
www.gnucitizen.org/blog/ie-pwns-secondlifenvd
www.securityfocus.com/archive/1/479698/100/0/threadednvd
www.vupen.com/english/advisories/2007/3188nvd
exchange.xforce.ibmcloud.com/vulnerabilities/36651nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000