VULHUB ™

Yahoo! Messenger是一款流行的即时通信程序。 Yahoo! Messenger处理通知消息缺少过滤，远程攻击者可以利用漏洞进行跨站脚本攻击，获得目标用户敏感信息。 Hai Nam Luke发现问题存在对对话框中，自动通知消息如?Hai Nam Luke has signed out. (1/26/2007 10:03 PM)? or ?Hai Nam Luke has signed back in. (1/26/2007 10:04 PM)?可被注入恶意脚本，Yahoo Messenger使用Internet Explorer显示消息，恶意脚本将以本地特权在IE临时目录中执行，导致敏感信息泄露。 Yahoo! Messenger 8.0 Yahoo! Messenger 7.5 .814 Yahoo! Messenger 7.0 .438 Yahoo! Messenger 6.0 .0.1921 Yahoo! Messenger 6.0 .0.1750 Yahoo! Messenger 6.0 .0.1643 Yahoo! Messenger 6.0 Yahoo! Messenger 5.6 .0.1358 Yahoo! Messenger 5.6 .0.1356 Yahoo! Messenger 5.6 .0.1355 Yahoo! Messenger 5.6 .0.1351 Yahoo! Messenger 5.6 .0.1347 Yahoo! Messenger 5.6 Yahoo! Messenger 5.5 .1249 Yahoo! Messenger 5.5 Yahoo! Messenger 5.0 .1232 Yahoo! Messenger 5.0 .1065 Yahoo! Messenger 5.0 .1046 Yahoo! Messenger 5.0 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME...

Yahoo! Messenger是一款流行的即时通信程序。 Yahoo! Messenger处理通知消息缺少过滤，远程攻击者可以利用漏洞进行跨站脚本攻击，获得目标用户敏感信息。 Hai Nam Luke发现问题存在对对话框中，自动通知消息如?Hai Nam Luke has signed out. (1/26/2007 10:03 PM)? or ?Hai Nam Luke has signed back in. (1/26/2007 10:04 PM)?可被注入恶意脚本，Yahoo Messenger使用Internet Explorer显示消息，恶意脚本将以本地特权在IE临时目录中执行，导致敏感信息泄露。 Yahoo! Messenger 8.0 Yahoo! Messenger 7.5 .814 Yahoo! Messenger 7.0 .438 Yahoo! Messenger 6.0 .0.1921 Yahoo! Messenger 6.0 .0.1750 Yahoo! Messenger 6.0 .0.1643 Yahoo! Messenger 6.0 Yahoo! Messenger 5.6 .0.1358 Yahoo! Messenger 5.6 .0.1356 Yahoo! Messenger 5.6 .0.1355 Yahoo! Messenger 5.6 .0.1351 Yahoo! Messenger 5.6 .0.1347 Yahoo! Messenger 5.6 Yahoo! Messenger 5.5 .1249 Yahoo! Messenger 5.5 Yahoo! Messenger 5.0 .1232 Yahoo! Messenger 5.0 .1065 Yahoo! Messenger 5.0 .1046 Yahoo! Messenger 5.0 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home Yahoo! Messenger 4.0 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows XP Home Yahoo! Messenger 8.0.0.863 Yahoo! Messenger 8.0 2005.1.1.4 Yahoo! Instant Messenger 3.5 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 Yahoo! Instant Messenger build 734 Yahoo! Instant Messenger build 733 目前没有解决方案提供,请关注以下链接： <a href="http://messenger.yahoo.com/" target="_blank">http://messenger.yahoo.com/</a>