Yahoo! Mail Vulnerable to Hackers

from Ynet News

A security vulnerability exposes Yahoo! Mail private mailboxes to hackers. A test conducted by security company Avnet shows hackers may gain access to Yahoo!Mail users' mailboxes by sending an email message with a malicious code.

According to further tests conducted by Ynet, and without disclosing the process, a new email account was opened. An email message was sent to that mailbox along with an html file with the malicious code, as an attachment. Opening the tainted email on Internet Explorer undetectably sends the user's cookie to the hacker's server. The user is exposed to the vulnerability without having to download or open the html file.

At this point, the hacker can retrieve the cookie from the remote server, and gain full access to the user's mail box, with no time limit. The hacker may read and send emails from the mailbox.