Message-ID: <20041110152926.1763.qmail@www.securityfocus.com>
Date: 10 Nov 2004 15:29:26 -0000
From: saudi linux <ksa2ksa@...oo.com>
To: bugtraq@...urityfocus.com
Subject: Hotfoon Ver 4.0 Highv Risk

What is Hotfoon?

Hotfoon is a new type of Internet telephony that is very inexpensive, easy to set up and use. Hotfoon's current service enables you to:
Make long distance calls at near local rates.
Talk to other Hotfoon users for free.

Ver: 4.0
APP web site: http://www.hotfoon.com/

==========================================================================
vuln

The attacker can exploit chat with a user by sending a link to a random user, and Hotfoon directly opens the link in IE or the web browser without alerting the user.

==========================================================================
exploit

1) Open the Hotfoon program.
2) Select chat to random user.
3) In the chat window, send the URL that contains bad code such as (XSS, IE exploit, or EXE file with webdownloader, etc.).
4) The web browser or IE (tested in IE) will directly open the link without alerting the user.

==========================================================================
Saudi Linux
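A mitigation sketch for the behaviour reported above, added here as an example and not taken from Hotfoon or from the poster: a chat client treats received links as inert text and opens one only after the user clicks it and confirms. The function names, the scheme allowlist and the extension list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumed allowlist
# Constructed list of file types treated as direct executable downloads.
RISKY_EXTENSIONS = (".exe", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".hta", ".msi")
URL_RE = re.compile(r"[a-zA-Z][a-zA-Z0-9+.-]*:[^\s<>\"']+")


def classify_link(url):
    """Return (decision, reason) for a URL received from a chat peer."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return "block", "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return "block", "scheme not allowed"
    if not host:
        return "block", "no host"
    if parts.username or parts.password:
        return "block", "embedded credentials"
    if parts.path.lower().endswith(RISKY_EXTENSIONS):
        return "confirm", "link points at an executable file type"
    return "confirm", "link received from a chat peer"


def links_in_message(text):
    """Receiving a message has no side effects: links are only classified."""
    return [(url, *classify_link(url)) for url in URL_RE.findall(text)]


def on_link_click(url, confirm, open_url):
    """Open a link only on an explicit click followed by user confirmation."""
    decision, reason = classify_link(url)
    if decision == "block":
        return False
    if not confirm(f"Open {url} in your browser? ({reason})"):
        return False
    open_url(url)
    return True


if __name__ == "__main__":
    # Constructed sample message from an unknown chat peer.
    sample = "hi http://example.test/tool.exe or javascript:alert(1)"
    for url, decision, reason in links_in_message(sample):
        print(decision, url, "-", reason)
```

In a real client `confirm` would be a modal dialog and `open_url` something like `webbrowser.open`, so the browser is never reached from the receive path.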