List: bugtraq
Subject: Hotfoon Ver 4.0 Highv Risk
From: saudi linux <ksa2ksa () yahoo ! com>
Date: 2004-11-10 15:29:26
Message-ID: 20041110152926.1763.qmail () www ! securityfocus ! com
What is Hotfoon?
Hotfoon is a new type of Internet telephony that is very inexpensive, easy to setup and use. Hotfoon's current service enables you to:
Make long distance calls at near local rates.
Talk to other Hotfoon users for free.
Ver:4.0
APP web site :http://www.hotfoon.com/
==========================================================================
vuln
The attacker can exploit chat with a user by sending a link to a random user, and Hotfoon directly opens the link in IE or the web browser without alerting the user.
==========================================================================
exploit
1) Open the Hotfoon program.
2) Select chat to random user.
3) In the chat window, send the URL that contains bad code such as (XSS, IE exploit, or EXE file with webdownloader, etc.).
4) The web browser or IE (tested in IE) will directly open the link without alerting the user.
==========================================================================
Saudi Linux
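
Added example (not part of the original advisory and not Hotfoon's code): link handling for a chat client that never opens a URL when a message arrives and opens one only after a local click and an explicit confirmation. The function names, the scheme allowlist and the extension list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the client only ever offers web links
EXECUTABLE_EXT = (".exe", ".scr", ".bat", ".cmd", ".pif", ".hta", ".vbs")
URL_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://[^\s<>\"']+")

def classify_link(url):
    """Return (verdict, reason) for a URL that arrived from a remote chat peer."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "block", "malformed URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return "block", "scheme '%s' is not allowed" % parts.scheme
    if not parts.hostname:
        return "block", "no host"
    if parts.username or parts.password:
        return "block", "userinfo can disguise the real host"
    if parts.path.lower().endswith(EXECUTABLE_EXT):
        return "confirm", "downloads an executable from %s" % parts.hostname
    return "confirm", "opens %s" % parts.hostname

def on_message_received(text):
    """Receipt path: classify links for display only. Nothing is launched here."""
    return [(url,) + classify_link(url) for url in URL_RE.findall(text)]

def on_link_activated(url, ask_user, open_url):
    """Click path: re-check the URL, then open it only if the local user agrees."""
    verdict, reason = classify_link(url)
    if verdict == "block" or not ask_user(url, reason):
        return False
    open_url(url)
    return True

if __name__ == "__main__":
    # Constructed sample message; example.test is a reserved test domain.
    msg = "look at http://example.test/setup.exe or file:///C:/tmp/a.hta"
    for url, verdict, reason in on_message_received(msg):
        print(verdict, url, "-", reason)
    launched = []
    on_link_activated("http://example.test/setup.exe",
                      lambda u, r: False,  # the user declines the prompt
                      launched.append)
    print("launched:", launched)
```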