GAMBIA-L Archives

The Gambia and Related Issues Mailing List

GAMBIA-L@LISTSERV.ICORS.ORG

Subject:
From: Malanding Jaiteh <[log in to unmask]>
Reply To: The Gambia and related-issues mailing list <[log in to unmask]>
Date: Fri, 16 Jun 2006 15:33:26 -0400

FYI

Malanding


Courtesy of  http://www.kb.cert.org/vuls/id/817108



  Vulnerability Note VU#817108


    Yahoo! Mail script injection vulnerability


      Overview

A script injection vulnerability exists in Yahoo! Mail.


      I. Description

Yahoo! Mail is vulnerable to script injection. Specifically, Yahoo! Mail 
fails to properly filter the body of email messages for script code. If 
a remote attacker can persuade a user to open a specially crafted email 
message, that attacker may be able to execute arbitrary script in the 
security context of the victim user on the client system.

Note that exploit code for this vulnerability is publicly available.


      II. Impact

An attacker may be able to obtain sensitive data from a Yahoo! Mail 
account, such as cookies, email messages, and email addresses stored in 
the Yahoo Mail address book.


      III. Solution

Yahoo is addressing this issue by filtering Yahoo! Mail email for 
suspicious content.


      Systems Affected

Vendor 	Status 	Date Updated
Yahoo, Inc. <http://www.kb.cert.org/vuls/id/JGEI-6QRQPK> 	Vulnerable 	14-Jun-2006


      References


http:[log in to unmask]
http://isc.sans.org/diary.php?storyid=1398


      Credit

This vulnerability was reported by David Loyall.

This document was written by Jeff Gennari.


      Other Information

Date Public 	06/11/2006
Date First Published 	06/14/2006 03:34:29 PM
Date Last Updated 	06/14/2006
CERT Advisory 	 
CVE Name 	 
Metric 	17.48
Document Revision 	43

If you have feedback, comments, or additional information about this 
vulnerability, please send us email. 
<mailto:[log in to unmask]>
