
Yahoo Messenger XSS, local privilege



Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger



DESCRIPTION:
I've found a cross-site scripting vulnerability in Yahoo! Messenger, a popular advertisement-supported instant messaging client and protocol provided by Yahoo! An attacker can inject a malicious script with local privilege into a Y!M notification message.

The vulnerability is in the chat dialog. The automatic notification messages of Yahoo! Messenger, for instance "Hai Nam Luke has signed out. (1/26/2007 10:03 PM)" or "Hai Nam Luke has signed back in. (1/26/2007 10:04 PM)", can easily be exploited by injecting a malicious script into them. Script is disabled in chat messages but not in system notification messages. Because Yahoo! Messenger uses Internet Explorer to display messages, the malicious script will run with local privilege in the Internet Explorer Temporary Folder. This serious vulnerability could allow an attacker to gain access to the victim's system.

Injecting unexpected script also causes other Yahoo! Messenger errors.

AFFECTED VERSION:
	Yahoo! Messenger 8.1.0.29 and previous versions

PROOF OF CONCEPT:
	+ Firstname: Hai Nam Luke Hai Nam Luke Hai Nam Luke Hai Nam Luke … (as long as needed so the victim can't see the last name)
	+ Lastname:
	+ Request to add the victim's ID to your contact list.
	+ Once the victim accepts your request, send him a message and change your online status (Available -> Invisible)
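
As an added illustration (not part of the original advisory and not Yahoo! Messenger code), the sketch below contrasts a notification renderer that pastes profile name fields into HTML unescaped with one that clips and escapes them, as the chat path already does. All function names, the 32-character cap and the sample profile are assumptions constructed for the example.

```javascript
// Added illustration; all function names are hypothetical, not Yahoo! Messenger code.
const MAX_NAME_FIELD = 32; // assumed display cap per name field

function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Cap a field so an over-long first name cannot push the last name out of view.
function clip(text) {
  const chars = Array.from(String(text));
  if (chars.length <= MAX_NAME_FIELD) return chars.join("");
  return chars.slice(0, MAX_NAME_FIELD).join("") + "…";
}

// Chat path: user text is neutralised before it reaches the HTML view.
function renderChatMessage(sender, body) {
  return `<div class="msg"><b>${escapeHtml(sender)}:</b> ${escapeHtml(body)}</div>`;
}

// Flawed notification path: profile fields are trusted and pasted in raw.
function renderNotificationVulnerable(first, last, event, when) {
  return `<div class="sys">${first} ${last} ${event} (${when})</div>`;
}

// Hardened notification path: clip, then escape, like any other remote input.
function renderNotificationHardened(first, last, event, when) {
  const name = [first, last].map((f) => escapeHtml(clip(f))).join(" ");
  return `<div class="sys">${name} ${escapeHtml(event)} (${escapeHtml(when)})</div>`;
}

// Constructed sample profile: inert markup in the last-name field.
const sample = {
  first: "Hai Nam Luke ".repeat(8).trim(),
  last: "<script>/* constructed marker */</script>",
};

function demo() {
  const args = [sample.first, sample.last, "has signed out.", "1/26/2007 10:03 PM"];
  return {
    vulnerable: renderNotificationVulnerable(...args),
    hardened: renderNotificationHardened(...args),
  };
}
```

The clip runs before the escape so that an entity such as `&lt;` is never cut in half by the length cap.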

This vulnerability was reported to Yahoo!

Hai Nam Luke  
K46A - NEU
