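##############################################################################
#
# Yahoo! Messenger Notification Message HTML Injection Vulnerability
#
# Copyright: OS2A and it's member companies
#
# Date Written: 2007/01/30
#
# $Revision: 1.2 $
#
# $Log: os2a_yahoomsg_html_injection_609159.nasl,v $
# Revision 1.2 2007/02/09 13:02:52 gnagendra
# -Added CVE ID
#
# Revision 1.1 2007/01/31 14:13:08 schandan
# To Production. Issue #3590
#
# Revision 1.1 2007/01/30 06:30:20 gnagendra
# ------------------------------------------------------------------------
# This program was written by OS2A and/or it's member companies and is
# licensed under the GNU GPL license. Please see below for details. This
# header contains information regarding licensing terms under the GPL, and
# information regarding obtaining source code from the Author. Consequently,
# pursuant to section 3(c) of the GPL, you must accompany the information
# found in this header with any distribution you make of this Program.
# ------------------------------------------------------------------------
##############################################################################

# Purpose: report hosts whose recorded Yahoo! Messenger version is 8.1.0.209
# or earlier, the range this plugin associates with CVE-2007-0768 / BID 22269.
#
# Detection is a version comparison only. The version string is read from the
# scanner knowledge base and nothing is sent to the Messenger client, so the
# result is only as accurate as the plugin that recorded the version
# (presumably os2a_yahoomsg_version_600289.nasl -- confirm).

# Registration block: declares the plugin metadata and exits before any check
# logic runs.
if(description)
{
  script_id(609159);
  script_bugtraq_id(22269);
  script_cve_id("CVE-2007-0768");
  script_copyright(english:"Copyright (C) 2007 OS2A");
  script_version("$Revision: 1.2 $");
  # Information-gathering category: the check below only reads KB entries.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"Yahoo! Messenger Notification Message HTML Injection Vulnerability");
  script_summary(english:"Check for vulnerable version of Yahoo! Messenger");

  # Report text shown to the operator, one section per paragraph.
  # NOTE(review): the Solution section is dated 31st January 2007 and states
  # that no vendor fix exists; check current vendor guidance before relying on
  # it. The text also gives "Risk factor : Medium" next to a CVSS base score
  # of 2.5 -- confirm which rating is intended.
  desc["english"] = "

  Overview : This host has Yahoo! Messenger installed, which is prone to HTML
  injection vulnerability. This flaw is due to the failure of the application
  to properly sanitize user supplied inputs passed to the First Name, Last Name
  and Nickname fields in the contact details option when displaying status
  notification messages to the user in a chat box.

  Impact : Successful exploitation allows remote attackers to execute arbitrary
  script code in the context of a victims Internet Explorer temporary folder by
  inputting specially crafted image tags in the aforementioned fields, tricking
  a target user into adding the attacker to the messenger list, sending a
  message to the target user, and then changing the status e.g. from available
  to invisible to everyone and steal information and launch other attacks.
  Scope of impact is restricted to application level.

  Affected Software : Yahoo! Messenger versions 8.1.0.209 and prior.

  Affected Platform : Windows (Any)

  Solution : No vendor supplied patch/update available as on 31st January 2007.
  Information regarding this issue will be updated once the solution details
  are available. For updates, http://messenger.yahoo.com/

  References : http://www.securityfocus.com/archive/1/458225

  CVSS Score :
    CVSS Base Score : 2.5 (AV:R/AC:H/Au:R/C:P/I:P/A:N/B:I)
    CVSS Temporal Score : 2.3
  Risk factor : Medium";

  script_description(english:desc["english"]);
  # Both KB keys named in script_require_keys are read by the check below.
  script_dependencies("smb_hotfixes.nasl", "os2a_yahoomsg_version_600289.nasl");
  script_require_keys("SMB/WindowsVersion", "Yahoo/Messenger/Version");
  exit(0);
}

# Only evaluate hosts for which a Windows version was recorded in the KB.
if(!get_kb_item("SMB/WindowsVersion")){
  exit(0);
}

# Read the version once and stop explicitly when it is absent, rather than
# handing a missing value to the pattern match.
ym_version = get_kb_item("Yahoo/Messenger/Version");
if(!ym_version){
  exit(0);
}

# Vulnerable range is 8.1.0.209 and earlier:
#   [0-7]\..*                               any release with major version 0-7
#   8\.0\..*                                any 8.0.x release
#   8\.1\.0\.([0-1]?[0-9]?[0-9]|20[0-9])    8.1.0.0 through 8.1.0.209
# The ^...$ anchors keep 8.1.0.210 and later from matching. A version string
# carrying extra trailing characters will also fail to match and go
# unreported, so a silent result is not proof that the host is unaffected.
if(egrep(pattern:"^([0-7]\..*|8\.(0\..*|1\.0\.([0-1]?[0-9]?[0-9]|20[0-9])))$",
         string:ym_version)){
  security_warning(0);
}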