CVE-1999-0750

Vulnerability

Hotmail allows remote attackers to execute JavaScript within email messages by embedding it within an HTML STYLE tag. This bypasses Hotmail's standard JavaScript filtering. The vulnerability affects users viewing these emails with Microsoft Internet Explorer 5.0 or Netscape Navigator 4.x browsers [1].

Exploitation

An attacker can craft an HTML email containing JavaScript within a STYLE tag. When a vulnerable user views this email in an affected browser, the embedded JavaScript will execute. The attacker needs to be able to send an email to the target user [1].

Impact

Successful exploitation allows an attacker to execute arbitrary commands within the user's Hotmail account. This can include actions such as reading emails, deleting emails, or tricking the user into revealing their password via a fake application. The scope of the compromise is limited to the user's Hotmail mailbox [1].

Mitigation

No specific patched version or release date is disclosed in the available references. Users are advised to be cautious of emails containing HTML formatting and to avoid clicking on suspicious links or entering credentials in unexpected prompts. It is not specified if this vulnerability is still present or has been addressed by Hotmail.