Security flaw found in Hotmail

Thursday, 16 October 2003, 3:56 PM EST

Security company Finjan Software detected a security vulnerability in Microsoft's Hotmail Web-based e-mail service, which Microsoft has since closed, the companies said Wednesday.

The new security flaw, known as a cross-site scripting vulnerability, could be used to create an Internet worm that steals e-mail addresses from Hotmail users' accounts, captures credit card numbers, or installs Trojan horse programs, Finjan said.

The vulnerability exists in the way that Hotmail treats e-mail containing ActiveX controls, which are small, portable pieces of software code that enable programmers to embed sophisticated user interface elements into Web pages for use over a corporate intranet or the Internet. Hotmail content filters do not adequately block e-mail messages containing the controls, Finjan said.

In cross-site scripting attacks, malicious hackers embed attack code in Web pages or HTML e-mail messages. Once executed, cross-site scripting attacks can give attackers access to personal account or financial information or control over a remote machine.

[ Read more ]

Related items




Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //