[Full-disclosure] AOL Instant Messenger AIM 6.0 or 6.5 Beta or higher local zone XSS
Michael Evanchik
evanchik at gmail.com
Fri Dec 21 23:18:18 GMT 2007
Sorry for the brief post but Im still able to bypass filters that aol has
put in place. So again with frustration I come to FD to imply pressure on a
company to patch correct. From reading feedback from AOL they feel the
vulnerability is put to bed and requires no more attention.
I am not posting 0day PoC only currently patched examples.
Do not use any AIM 6 or higher client.
old PoC
http://before0day.com/Lists/Posts/Post.aspx?ID=3
references
http://www.wired.com/politics/security/news/2007/12/aim_hack
http://www.pronetworks.org/index.php/software-and-betas-news/847#comment-199
http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=41986&messageID=785355&start=-1
greets:
HaZe, illwill,kurupt
Michael Evanchik
http://before0day.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20071221/36333872/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.