Hotmail web-based email service (when used with IE).
Yahoo web-based email service (when used with IE).
Note that many other web-based services may be vulnerable to this method of exploitation, as it is a completely new way to embed script.
Introduction:
Both Hotmail and Yahoo make tremendous efforts to sanitize incoming emails from potentially unsafe HTML content. Flawed filtering of such unsafe content may result in severe consequences that would occur as soon as a user opens an email for reading, including:
* Theft of login and password.
* Content disclosure of any email in the mailbox.
* Automatic sending of emails from the mailbox.
* Exploitation of known vulnerabilities in the browser to access the user's file system and eventually take over the machine.
* Distribution of a web-based email worm.
* Disclosure of all contacts within the address book.
Rest of this....
http://www.greymagic...ories/gm005-mc/