Full Disclosure mailing list archives
AOL Instant Messenger AIM 6.0 or 6.5 Beta or higher local zone XSS
From: "Michael Evanchik" <evanchik () gmail com>
Date: Fri, 21 Dec 2007 18:18:18 -0500
Sorry for the brief post but Im still able to bypass filters that aol has put in place. So again with frustration I come to FD to imply pressure on a company to patch correct. From reading feedback from AOL they feel the vulnerability is put to bed and requires no more attention. I am not posting 0day PoC only currently patched examples. Do not use any AIM 6 or higher client. old PoC http://before0day.com/Lists/Posts/Post.aspx?ID=3 references http://www.wired.com/politics/security/news/2007/12/aim_hack http://www.pronetworks.org/index.php/software-and-betas-news/847#comment-199 http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=41986&messageID=785355&start=-1 greets: HaZe, illwill,kurupt Michael Evanchik http://before0day.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- AOL Instant Messenger AIM 6.0 or 6.5 Beta or higher local zone XSS Michael Evanchik (Dec 21)