Re: AIM forced behavior "issue" Re:ICQ and MSIE allow execution of arbitrary code

[<rwertenb () mit edu>]

In-Reply-To: <002901c22e2d$733822e0$6401a8c0@BOJO>

FYI: This vulnerability affects older versions of AIM on 
the Macintosh as well.  I am running 4.3.1232 and the 
test (http://www.mindflip.org/aimrefresh/) was able to 
add buddies when I was logged in.  

When I logged out and retested I received an error 
message stating the process required me to log in and 
that if I stored my password this could happen 
automatically in the future.  

Yet another reason not to have applications remember 
passwords.