Date: Fri, 16 Jun 2006 15:33:26 -0400
FYI
Malanding
Courtesy of http://www.kb.cert.org/vuls/id/817108
Vulnerability Note VU#817108
Yahoo! Mail script injection vulnerability
Overview
A script injection vulnerability exists in Yahoo! Mail.
I. Description
Yahoo! Mail is vulnerable to script injection. Specifically, Yahoo! Mail
fails to properly filter the body of email messages for script code. If
a remote attacker can persuade a user to open a specially crafted email
message, that attacker may be able to execute arbitrary script in the
security context of the victim user on the client system.
Note that exploit code for this vulnerability is publicly available.
II. Impact
An attacker may be able to obtain sensitive data from a Yahoo! Mail
account, such as cookies, email messages, and email addresses stored in
the Yahoo Mail address book.
III. Solution
Yahoo is addressing this issue by filtering Yahoo! Mail email for
suspicious content.
Systems Affected
Vendor: Yahoo, Inc. <http://www.kb.cert.org/vuls/id/JGEI-6QRQPK>
Status: Vulnerable
Date Updated: 14-Jun-2006
References
http:[log in to unmask]
http://isc.sans.org/diary.php?storyid=1398
Credit
This vulnerability was reported by David Loyall.
This document was written by Jeff Gennari.
Other Information
Date Public: 06/11/2006
Date First Published: 06/14/2006 03:34:29 PM
Date Last Updated: 06/14/2006
CERT Advisory:
CVE Name:
Metric: 17.48
Document Revision: 43
If you have feedback, comments, or additional information about this
vulnerability, please send us email.
<mailto:[log in to unmask]>
To unsubscribe/subscribe or view archives of postings, go to the Gambia-L Web interface
at: http://listserv.icors.org/archives/gambia-l.html
To Search in the Gambia-L archives, go to: http://listserv.icors.org/SCRIPTS/WA-ICORS.EXE?S1=gambia-l
To contact the List Management, please send an e-mail to:
[log in to unmask]