Remote Code Execution Vulnerability in Hotmail Due to Improper JavaScript Filtering
CVE-2000-0085

Currently unrated

Key Information:

Vendor: Microsoft
Status: Hotmail
Vendor: CVE Published:; 4 January 2000

What is CVE-2000-0085?

The vulnerability in Hotmail arises from insufficient filtering of JavaScript code within users' mailboxes. This flaw permits a remote attacker to execute arbitrary code by manipulating the LOWSRC or DYNRC parameters within the IMG tag. Users may be exploited without their knowledge, leading to potential data theft or unauthorized actions taken within their Hotmail accounts.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-...

x_refsource_MISC

EPSS Score

12% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jan 22, 2000
Vulnerability published
Jan 4, 2000

Microsoft

What is CVE-2000-0085?

References

EPSS Score

Timeline