Computer Security
[EN] securityvulns.ru no-pyccku


AOL Instant messenger code execution
updated since 26.09.2007
Published:24.12.2007
Source:
SecurityVulns ID:8192
Type:remote
Threat Level:
9/10
Description:Microsoft Internet Explorer control is used for HTML content rendering without limiting zone access.
Affected:AOL : Instant Messenger 6.1
 AOL : Instant Messenger 6.2
CVE:CVE-2007-4901 (Unspecified vulnerability in AOL Instant Messenger (AIM) 6.1.41.2 allows remote attackers to write arbitrary HTML to a notification window via unspecified vectors in circumstances "when the window of origin is not the main focus.")
Original documentdocumentevanchik_(at)_gmail.com, America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution (24.12.2007)
 documentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software (26.09.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod