<<< Date Index >>>     <<< Thread Index >>>

America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution



Sorry for the brief post but Im still able to bypass filters that aol has put 
in place.  So again with frustration I come to FD to imply pressure on a 
company to patch correct.  From reading feedback from AOL they feel the 
vulnerability is put to bed and requires no more attention.

I am not posting 0day PoC only currently patched examples.  

Do not use any AIM 6 or higher client.

old PoC 
http://before0day.com/Lists/Posts/Post.aspx?ID=3


references
http://www.wired.com/politics/security/news/2007/12/aim_hack

http://www.pronetworks.org/index.php/software-and-betas-news/847#comment-199

http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=41986&messageID=785355&start=-1



Michael Evanchik
http://before0day.com