Yahoo/hotmail Web Based Mail Exploit


#1 Galadriel



Posted 23 March 2004 - 12:03 PM

Affected applications:

Hotmail web-based email service (when used with IE).
Yahoo web-based email service (when used with IE).

Note that many other web-based services may be vulnerable to this method of exploitation, as it is a completely new way to embed script.

Both Hotmail and Yahoo make tremendous efforts to sanitize incoming emails from potentially unsafe HTML content. Flawed filtering of such unsafe content may result in severe consequences that would occur as soon as a user opens an email for reading, including:

* Theft of login and password.
* Content disclosure of any email in the mailbox.
* Automatically send emails from the mailbox.
* Exploitation of known vulnerabilities in the browser to access the user's file system and eventually take over the machine.
* Distribution of a web-based email worm.
* Disclosure of all contacts within the address book.

Rest of this....
I amar prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel

'The world is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

