Date: 10 Nov 2004 15:29:26 -0000
From: saudi linux <ksa2ksa@yahoo.com>
To: bugtraq@securityfocus.com
Subject: Hotfoon Ver 4.0 Highv Risk
What is Hotfoon?
Hotfoon is a new type of Internet telephony that is very inexpensive, easy to setup and use.
Hotfoon's current service enables you to:
Make long distance calls at near local rates.
Talk to other Hotfoon users for free.
Ver:4.0
APP web site :http://www.hotfoon.com/
vuln
the attacker can exploit chat with user by send a link to random user and hoyfoon directly open the link in IE or the web broser
whithout alert user.
exploit
1)open hotfoon program
2)select chat to random user
3)in chat window ,send the URL that contains bad code such as ( XSS,IE exploit,or EXE file with webdownloader ..etc )
4)the web broser or IE (tested in IE) will directly open the link without alert user.
Saudi Linux
