[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] AOL Instant Messenger AIM 6.0 or 6.5 Beta or higher local zone XSS

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] AOL Instant Messenger AIM 6.0 or 6.5 Beta or higher local zone XSS
From: "Michael Evanchik" <evanchik@xxxxxxxxx>
Date: Fri, 21 Dec 2007 18:18:18 -0500

Sorry for the brief post but Im still able to bypass filters that aol has
put in place.  So again with frustration I come to FD to imply pressure on a
company to patch correct.  From reading feedback from AOL they feel the
vulnerability is put to bed and requires no more attention.

I am not posting 0day PoC only currently patched examples.

Do not use any AIM 6 or higher client.

old PoC
http://before0day.com/Lists/Posts/Post.aspx?ID=3


references
http://www.wired.com/politics/security/news/2007/12/aim_hack

http://www.pronetworks.org/index.php/software-and-betas-news/847#comment-199

http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=41986&messageID=785355&start=-1


greets:
HaZe, illwill,kurupt


Michael Evanchik
http://before0day.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability
Next by Date: [Full-disclosure] Hikaru
Previous by thread: [Full-disclosure] [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability
Next by thread: [Full-disclosure] Hikaru
Index(es):
- Date
- Thread