A test conducted by Nir Goldshlager and Roni Bahar of the Israeli security company Avnet shows that hackers can gain access to Yahoo! Mail users' mailboxes by sending them an email message containing malicious code.
In a test observed by Ynet (the exact steps are not being disclosed), a new email account was opened and a message was sent to it carrying an HTML file with the malicious code as an attachment.
Merely opening the tainted message in Internet Explorer is enough: the user's cookie is silently sent to the hacker's server. The user is exposed without ever downloading or opening the HTML file itself.
Full access to users' mailboxes
At this point the hacker can retrieve the cookie from the remote server and present it to Yahoo! Mail to gain full access to the user's mailbox, with no time limit. The hacker can read and send email from the mailbox.
The hacker cannot change the password from within the mailbox, since that action requires entering the current password.
However, according to Goldshlager and Bahar, tools available online can extract personal information from the cookie. That information can help the hacker with the password-recovery system that users who have forgotten their password normally use. Alternatively, the hacker can exploit the vulnerability for phishing: by sending different malicious code, he can redirect the user to enter his password on a site that resembles Yahoo!'s.
A user whose cookie was stolen can change his password, but that still leaves the hackers with access to parts of the account, such as the user's calendar.
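The article describes two separable failures: script carried in a message running in the webmail context with the victim's cookie, and a stolen cookie that keeps working after a password change. The following Python sketch is an added example, not Yahoo!'s code and not a reconstruction of the undisclosed bug; it shows a toy webmail back end applying the generic countermeasures to both. All names (USERS, SESSIONS, the SESS cookie, SESSION_MAX_AGE) are hypothetical.

```python
import hashlib
import re
import secrets
import time

# Hypothetical in-memory stores standing in for a webmail back end.
USERS = {}     # name -> {"salt": bytes, "pw_hash": bytes, "cred_version": int}
SESSIONS = {}  # session id -> {"user": str, "cred_version": int, "issued": float}
SESSION_MAX_AGE = 8 * 3600  # seconds; an assumed policy for this example


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def _verify_password(user, password):
    return secrets.compare_digest(user["pw_hash"], _hash_password(password, user["salt"]))


def create_user(name, password):
    salt = secrets.token_bytes(16)
    USERS[name] = {"salt": salt, "pw_hash": _hash_password(password, salt), "cred_version": 1}


def login(name, password):
    """Issue a session bound to the user's current credential version."""
    user = USERS.get(name)
    if user is None or not _verify_password(user, password):
        raise PermissionError("bad credentials")
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": name, "cred_version": user["cred_version"], "issued": time.time()}
    return sid


def session_user(sid, now=None):
    """Resolve a presented session cookie to a user name, or None.

    A stolen cookie stops working when (a) the session ages out, or
    (b) the user changed the password after it was issued, because the
    credential version recorded in the session no longer matches."""
    sess = SESSIONS.get(sid)
    if sess is None:
        return None
    current = now if now is not None else time.time()
    if current - sess["issued"] > SESSION_MAX_AGE:
        SESSIONS.pop(sid, None)
        return None
    if sess["cred_version"] != USERS[sess["user"]]["cred_version"]:
        SESSIONS.pop(sid, None)
        return None
    return sess["user"]


def change_password(name, old_password, new_password):
    """Requires the current password (as the article notes) and, by bumping
    cred_version, revokes every outstanding session, including captured ones."""
    user = USERS[name]
    if not _verify_password(user, old_password):
        raise PermissionError("current password required")
    user["salt"] = secrets.token_bytes(16)
    user["pw_hash"] = _hash_password(new_password, user["salt"])
    user["cred_version"] += 1


def session_cookie_header(sid):
    """Set-Cookie value. HttpOnly keeps document.cookie from reading the
    session, so script that does run cannot exfiltrate it to a remote server."""
    return f"SESS={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def attachment_headers(filename):
    """Serve a user-supplied attachment as an opaque download: never render
    mail-supplied HTML inside the webmail origin, and forbid MIME sniffing
    so the browser cannot decide to render it anyway."""
    safe_name = re.sub(r"[^\w.\-]", "_", filename)
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox",
    }


if __name__ == "__main__":
    # Constructed walk-through: a captured cookie survives until the password changes.
    create_user("bob", "original pass")
    stolen = login("bob", "original pass")
    print("stolen cookie resolves to:", session_user(stolen))
    change_password("bob", "original pass", "new pass")
    print("after password change:", session_user(stolen))
    print(attachment_headers("invoice.html"))
```

The calendar-access point in the article maps onto the version check: any token not tied to the user's credential version (or to a separate, unrevoked credential) will keep working after a password reset, so every credential a client can present must be covered by the same revocation step.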
Yahoo's spokeswoman, Kelley Podboy, told Ynet: "Online security issues such as this bug are taken very seriously at Yahoo! We have developed a fix and are in the process of deploying it worldwide. Yahoo! Mail users will not be required to take any action to be protected from this exploit."