AOL Instant messenger code execution
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
AOL Instant messenger code execution
updated since 26.09.2007
Published:
24.12.2007
Source:
BUGTRAQ
SecurityVulns ID:
8192
Type:
remote
Level:
9
/10
Description:
Microsoft Internet Explorer control is used for HTML content rendering without limiting zone access.
Affected:
AOL
:
Instant Messenger 6.1
AOL
:
Instant Messenger 6.2
CVE:
CVE-2007-4901
(Unspecified vulnerability in AOL Instant Messenger (AIM) 6.1.41.2 allows remote attackers to write arbitrary HTML to a notification window via unspecified vectors in circumstances "when the window of origin is not the main focus.")
Original document
evanchik_(at)_gmail.com
,
America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution
(
24.12.2007
)
CORE SECURITY TECHNOLOGIES ADVISORIES
,
CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software
(
26.09.2007
)
Discuss:
Read or add your comments to this news (0 comments)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Enter your search terms
Web
securityvulns.com
Submit search form
