A web-borne vulnerability lurking in a popular email application seriously compromised the security of 40 million accounts until it was fixed early last month, independent researchers said.
The flaw, in the Memova messaging application sold by a company known as Critical Path, is yet another testament to the awesome power of XSS, or cross-site scripting, vulnerabilities. Combined with another bug, it allowed attackers to surreptitiously forward the email of millions of end-users from some of Europe's biggest internet service providers.
"The attacker only needs to send a specially crafted email to his victim," independent researchers Rosario Valotta and Matteo Carli wrote in an advisory. "As soon as the victim opens the mail (no further interaction required) the forwarding settings of his webmail account are silently modified."
A proof-of-concept video: http://www.theregister.co.uk/2009/03/26/critical_path_webmail_vuln/
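The root cause described above is a webmail client rendering attacker-supplied HTML without neutralising active content. The following allowlist sanitizer is an added illustration of the server-side mitigation, not code from Critical Path or the researchers; the crafted sample body, the `changeForwardingRule` call and the `example.test` addresses in it are constructed placeholders.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlist: only these tags and attributes survive into the rendered webmail page.
ALLOWED_TAGS = {"p", "b", "i", "u", "a", "ul", "ol", "li", "div", "span"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = {"http", "https", "mailto"}

class EmailSanitizer(HTMLParser):
    """Rebuilds an HTML mail body keeping only allowlisted markup: <script>/<style>
    bodies are dropped whole, other unknown tags are removed (their text is kept,
    escaped), and every unknown attribute (on* handlers included) is discarded."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # >0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            kept = ""
            for name, value in attrs:  # names are already lowercased by HTMLParser
                value = value or ""
                if name not in ALLOWED_ATTRS.get(tag, ()):
                    continue  # drops onload=, onerror=, onclick=, ...
                if name == "href" and urlparse(value.strip()).scheme.lower() not in SAFE_SCHEMES:
                    continue  # drops javascript:, data: and scheme-less links
                kept += f' {name}="{html.escape(value, quote=True)}"'
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:  # text is re-escaped, so decoded "<script>" stays inert
            self.out.append(html.escape(data, quote=False))

def sanitize_email_html(body: str) -> str:
    parser = EmailSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)

# Constructed sample of a crafted message body (placeholder, not the real exploit).
CRAFTED = ('<p>Hi</p><script>changeForwardingRule("attacker@example.test")</script>'
           '<img src=x onerror="alert(1)"><a href="javascript:void(0)">x</a><a href="https://example.test/">ok</a>')
```

Run on `CRAFTED`, the script block, the `onerror` handler and the `javascript:` link are all stripped while the ordinary paragraph and the `https:` link survive, which is the property a webmail renderer needs before it shows a message in the same origin as the account settings.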