ISSUE #1 POC Proof of Concept: ================= The vulnerability can be exploited by remote attackers with low privileged application user account and with low or medium required user inter action. For demonstration or reproduce ...
Betreff: Skype Support Network Subscription: 1 Update: Betreff: Skype is Hacked ! Win32.Trojan.Agent.Gen schleicht sich durch die Accounts |
Von: Community Mailer
|
Datum: 06.10.2012 16:04 |
An: rm01x |
You have 1 update for your Skype Support Network Subscriptions.
Subject: | Betreff: Skype is Hacked ! Win32.Trojan.Agent.Gen schleicht sich durch die Accounts |
Author: | Methu (New Member) |
Date: | 06-10-2012 16:04 |
Betreff: Einladung zum Besuch bei Skype Support Network |
Von:
rm01x |
Datum: Tue, 25 Sep 2012 15:32:34 -0700 (PDT) |
An: 01x445 <01x445@gmail.com> |
http://community.skype.com/skypec/board/message?board. id=de_computer_windows&message.id=6304#M6304
rm01x sagt:
>"<[PERSISTENT INJECTED MALICIOUS SCRIPT CODE!]/"> Note: The attacker can send the code via send to friends to hijack customer accounts or via problem reporter to a moderator or administrator of the skype community. The script code will be executed directly out of the unsanitized message body of the mail. The vulnerability also exists in the skype main server when requesting via automatically help or contact forms. The outgoing mail with the malicious script code as values can be send to users/customers or to the moderator/administrator.