Again a new vulnerability..
Hotmail and Yahoo have left open a security hole that could be exploited to create a self-mailing worm that, while not damaging, could clog internet mail servers, a security expert said this week. The vulnerability allows an attacker to create an email containing an HTML link that can act as a worm. If clicked by a user of one of the vulnerable Web-based e-mail services, the HTML code will execute, making it possible to manipulate the person's in-box and send email, said Matt Parcens, the independent software specialist who discovered the flaw. "The webworm has serious short-term danger, but less of a danger in the long term," he said in an email. "For the webworm to be active, a hole must exist on the same server that serves the mail. This limits the number of possible holes dramatically." If properly coded, the HTML link could forward itself to the sender of every email stored in the victim's in-box |
Source: AntiOnline
