#210 RSSBandit causes viruses to launch while downloading updates


RSSBandit will allow a virus payload to launch on the
machine while downloading RSS feeds. For instance if
the thread posting has a URL which has a virus payload
RSSBandit will launch this payload while downloading the
updates to the feeds. Also there is a security hole as
RSS allows images to automatically download inside of
the browser pane.

Producing an interface similar to that of Outlook 2003
which does not automatically render images or activeX
controls will increase security.
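The report above asks for a detail pane that renders feed items without images, frames or active content, in the manner of the Outlook 2003 reading pane. The following is an added example, not code from RSS Bandit or from anyone in this thread, of how a client can enforce that with an allow-list sanitizer applied to item HTML before it reaches an embedded browser control. It uses only the Python standard library; the allowed tag set, the accepted URL schemes and the sample item are all constructed assumptions for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed conservative allow-list for a feed-item preview pane:
# plain formatting and links only; no img, iframe, object, embed,
# script, style or event-handler attributes survive.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li",
                "blockquote", "pre", "code", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_URL_SCHEMES = ("http:", "https:", "mailto:")
VOID_TAGS = {"br"}


class FeedItemSanitizer(HTMLParser):
    """Rebuilds item HTML keeping only allow-listed tags and attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []       # sanitized output fragments
        self.dropped = []   # what was removed, useful for logging
        self._skip = 0      # > 0 while inside script/style text

    def handle_starttag(self, tag, attrs):
        if self._skip:
            return
        if tag in ("script", "style"):
            # Text inside these must be discarded, not just the tag.
            self._skip += 1
            self.dropped.append(tag)
            return
        if tag not in ALLOWED_TAGS:
            self.dropped.append(tag)
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):           # inline event handlers
                self.dropped.append(f"{tag}@{name}")
                continue
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_SCHEMES):
                # javascript:, data:, vbscript: and relative URLs are all refused
                self.dropped.append(f"{tag}@href")
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if self._skip:
            if tag in ("script", "style"):
                self._skip -= 1
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            # Re-escape text so decoded entities cannot re-form markup.
            self.out.append(escape(data, quote=False))


def sanitize(item_html):
    """Return (clean_html, dropped) for one feed item description."""
    parser = FeedItemSanitizer()
    parser.feed(item_html)
    parser.close()
    return "".join(parser.out), parser.dropped


# Constructed sample item mixing harmless markup with tracking and active content.
SAMPLE_ITEM = (
    '<p>Read <a href="https://example.test/post">this</a>'
    '<img src="http://example.test/track.gif">'
    '<script>alert(1)</script>'
    '<iframe src="http://example.test/frame"></iframe>'
    '<a href="javascript:alert(1)" onclick="x()">click</a></p>'
)

if __name__ == "__main__":
    clean, dropped = sanitize(SAMPLE_ITEM)
    print(clean)
    print("dropped:", dropped)
```

The design choice worth noting is that the sanitizer is an allow-list over a rebuilt tree, not a regex that strips known-bad tags from the original string: anything the list does not name never reaches the output, so a new tag or attribute the author did not anticipate fails closed. The `dropped` list gives the client something to surface to the user or log, which is how a reader would notice that an item carried a frame or script in the first place.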


  • Torsten Rendelmann

    Logged In: YES

    I don't know/understand exactly what you mean: We do not
    automatically download any linked content from within an RSS
    Item post. We just load the xml feed file, nothing more.
    The normal feed item detail pane allows only images (that
    <could> be a security issue, sure) and frames. All
    other "active" content is disabled there. The security settings
    for the normal other browser windows are under user control:
    See Tools - Options - Web Browser Tab.

    See also my post at

  • Richard Callaby

    Richard Callaby - 2004-07-01

    Logged In: YES

    Please explain then the fact that I had a virus payload launch
    while downloading new RSS feeds. The message contained an
    URL to the payload and then the virus launched quite soon
    afterwards. Could this be an aftereffect of an XSLT
    stylesheet issue? I mean it must translate that into HTML,
    correct? To do this, wouldn't that cause a virus payload to be
    activated? Fortunately this is a very rare occurrence as I am
    sure I was and am the only one who was affected by this
    particular bug.

  • Torsten Rendelmann

    Logged In: YES

    For internal discussion and examination: can you provide a link to
    the particular feed for validation/test?

  • Richard Callaby

    Richard Callaby - 2004-07-02

    Logged In: YES

    Wish I could reproduce this link but I cannot as I asked the
    website responsible to remove the offending post as it would
    have caused a virus to spread. I do believe that this might
    have been a result of the Download.Ject vulnerability found in

    This was initially found when visiting Channel9 when I started
    to download my feeds my antivirus went off informing me I
    was infected. The post contained a linked http address with a
    virus payload. I believe the problem may be with the XML to
    XSLT transform when converting over to HTML. If RSSBandit
    uses Internet Explorer as its primary control to render HTML
    pages then it would seem logical that RSSBandit would also
    suffer from download.ject as well.

    To reproduce this I would do the following:
    1. Produce a post on a secure blogging site (not connected
    to the Internet) with an HTTP link to a virus payload.
    2. Start RSSBandit and start to download this feed. When the
    download occurs it would be helpful to have an antivirus
    program on at the time.
    3. You should be able to see that the antivirus program
    caught the virus and deleted it. However for those without
    antivirus protection this would leave them vulnerable to this
    type of attack.

    This is the best way to reproduce what I believe
    happened to me while using RSSBandit. It was a rare
    occurrence that fortunately I stopped others from getting by
    asking for the infected post to be deleted.

  • Dare Obasanjo

    Dare Obasanjo - 2004-07-04

    Logged In: YES

    Since RSS Bandit uses Internet Explorer as its embedded web
    browser it is susceptible to any exploits that exist for
    Internet Explorer. The best I can suggest is that you keep an
    eye on http://www.microsoft.com/security and keep your
    machine up to date with the latest security crashes since
    these issues are out of our control.

