Computer Security

Security Advisory: America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  AOL Instant messenger code execution

  CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software

From:evanchik_(at)_gmail.com <evanchik_(at)_gmail.com>
Date:24.12.2007
Subject:America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution

Sorry for the brief post but Im still able to bypass filters that aol has put in place.  So again with frustration I come to FD to imply pressure on a company to patch correct.  From reading feedback from AOL they feel the vulnerability is put to bed and requires no more attention.

I am not posting 0day PoC only currently patched examples.  

Do not use any AIM 6 or higher client.

old PoC
http://before0day.com/Lists/Posts/Post.aspx?ID=3


references
http://www.wired.com/politics/security/news/2007/12/aim_hack

http://www.pronetworks.org/index.php/software-and-betas-news/847#comment-199

http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=41986&mess
ageID=785355&start=-1



Michael Evanchik
http://before0day.com
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru