Bugtraq mailing list archives

AOL Instant Messenger

From: daniels () KAREMOR COM (Daniel P. Stasinski)
Date: Mon, 8 May 2000 11:08:44 -0700


When sending a file to someone using AOL's Instant Messenger
program, the entire local path of your file is shown to the
recipient.  Not only is this an invasion of privacy, it also
opens the door to known security holes in web browsers where
access can be gained to specific files provided that you know the
full path to those files, or guessed file names in that same
path.

AOL has not responded to my direct reports.

Daniel

Current thread:

Re: glibc resolver weakness Steven M. Bellovin (May 03)
- Re: glibc resolver weakness D. J. Bernstein (May 06)
- Re: glibc resolver weakness Gary Ellison (May 08)
- AOL Instant Messenger Daniel P. Stasinski (May 08)
  - Re: AOL Instant Messenger Oppenheimer, Max (May 09)
- New Allaire Security Zone Bulletin Posted Aleph One (May 08)
- Advisory: Netopia R9100 router vulnerability Stephen Friedl (May 08)
  - Re: Advisory: Netopia R9100 router vulnerability Gary L. Burnore (May 09)
    - Re: Advisory: Netopia R9100 router vulnerability Rob Tashjian (May 10)
    - Microsoft Security Bulletin (MS00-031) Microsoft Product Security (May 10)
    - Re: Advisory: Netopia R9100 router vulnerability Jeffrey Paul (May 13)
  - "ClientSideTrojan" bug Kragen Sitaker (May 09)
    - Re: "ClientSideTrojan" bug David L. Nicol (May 11)
    - Re: "ClientSideTrojan" bug Magosanyi Arpad (May 16)

(Thread continues...)