Yahoo! Messenger Notification Message HTML Injection Vulnerability
BID:22269
Info
Yahoo! Messenger Notification Message HTML Injection Vulnerability
| Bugtraq ID: | 22269 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-0768 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 26 2007 12:00AM |
| Updated: | May 12 2015 07:35PM |
| Credit: | Hai Nam Luke is credited with the discovery of this vulnerability. |
| Vulnerable: |
Yahoo! Messenger 8.0 Yahoo! Messenger 7.5 .814 Yahoo! Messenger 7.0 .438 Yahoo! Messenger 6.0 .0.1921 Yahoo! Messenger 6.0 .0.1750 Yahoo! Messenger 6.0 .0.1643 Yahoo! Messenger 6.0 Yahoo! Messenger 5.6 .0.1358 Yahoo! Messenger 5.6 .0.1356 Yahoo! Messenger 5.6 .0.1355 Yahoo! Messenger 5.6 .0.1351 Yahoo! Messenger 5.6 .0.1347 Yahoo! Messenger 5.6 Yahoo! Messenger 5.5 .1249 Yahoo! Messenger 5.5 Yahoo! Messenger 5.0 .1232 Yahoo! Messenger 5.0 .1065 Yahoo! Messenger 5.0 .1046 Yahoo! Messenger 5.0 Yahoo! Messenger 4.0 Yahoo! Messenger 8.1.0.29 Yahoo! Messenger 8.1.0.209 Yahoo! Messenger 8.0.0.863 Yahoo! Messenger 8.0 2005.1.1.4 Yahoo! Instant Messenger 3.5 Yahoo! Instant Messenger build 734 Yahoo! Instant Messenger build 733 |
| Not Vulnerable: | |
Discussion
Yahoo! Messenger Notification Message HTML Injection Vulnerability
Yahoo! Messenger is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the context of a victim's Internet Explorer temporary folder. This may help the attacker steal information and launch other attacks.
Versions prior to 2.1.0.29 are vulnerable to this issue.
Yahoo! Messenger is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the context of a victim's Internet Explorer temporary folder. This may help the attacker steal information and launch other attacks.
Versions prior to 2.1.0.29 are vulnerable to this issue.
Exploit / POC
Yahoo! Messenger Notification Message HTML Injection Vulnerability
An attacker can exploit this issue with a Yahoo! Messenger client application.
The following proof of concept is available:
1. Firstname: example example example example ? ( as long as victim cant see the lastname)
2. Lastname: <img src="javascript:alert('Executed from ' + top.location)" >
3. Request to add victim ID to your contact list.
4. Once victim accepts your request, send him a message and change your online status (Available -> Invisible)
An attacker can exploit this issue with a Yahoo! Messenger client application.
The following proof of concept is available:
1. Firstname: example example example example ? ( as long as victim cant see the lastname)
2. Lastname: <img src="javascript:alert('Executed from ' + top.location)" >
3. Request to add victim ID to your contact list.
4. Once victim accepts your request, send him a message and change your online status (Available -> Invisible)
Solution / Fix
Yahoo! Messenger Notification Message HTML Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Yahoo! Messenger Notification Message HTML Injection Vulnerability
References:
References:
- Yahoo! Messenger Product Page (Yahoo!)
- Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger ([email protected])
- RE: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger (Ahmed Sheipani
- Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger ([email protected])