CVE-2004-1511
Description
Hotfoon 4.0 silently opens chat links in the default web browser, allowing attackers to execute arbitrary code via crafted URLs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Hotfoon 4.0 does not prompt the user before opening links received in chat messages. When a link is sent in a chat window, the application launches the default web browser (tested with Internet Explorer) without any alert or confirmation. This allows an attacker to send a malicious URL that can trigger XSS, deliver an exploit, or automatically download an executable file [1].
Exploitation
An attacker needs only to be able to send a chat message to a random user of Hotfoon 4.0. The steps are: (1) open the Hotfoon program, (2) open a chat with any user, (3) send a URL containing malicious code (e.g., an XSS payload, an IE exploit, or a link to an executable with a web downloader), and (4) the victim's browser opens the link directly without any user warning [1].
Impact
Successful exploitation leads to arbitrary code execution in the context of the victim's web browser. The attacker can achieve remote code execution, information disclosure, or other browser-level compromises depending on the specific malicious URL used. The user receives no notification that a link is being opened [1].
Mitigation
No official fix or patched version has been disclosed in the available references. Users should be cautious of links received in Hotfoon 4.0 chat messages or consider using an alternative communication tool. No workaround is provided in the advisory [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =4.0
Patches
No patches discovered yet.
References
- secunia.com/advisories/13173 (nvd, Vendor Advisory)
- marc.info (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/18038 (nvd)