Remote Code Execution Vulnerability in Hotmail Due to Improper JavaScript Filtering
CVE-2000-0085

Currently unrated

Key Information:

Vendor: Microsoft
Status: Hotmail
Vendor: CVE Published:; 4 January 2000

Summary

The vulnerability in Hotmail arises from insufficient filtering of JavaScript code within users' mailboxes. This flaw permits a remote attacker to execute arbitrary code by manipulating the LOWSRC or DYNRC parameters within the IMG tag. Users may be exploited without their knowledge, leading to potential data theft or unauthorized actions taken within their Hotmail accounts.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-...

x_refsource_MISC

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Jan 22, 2000
Vulnerability published
Jan 4, 2000