America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution
Sorry for the brief post but Im still able to bypass filters that aol has put
in place. So again with frustration I come to FD to imply pressure on a
company to patch correct. From reading feedback from AOL they feel the
vulnerability is put to bed and requires no more attention.
I am not posting 0day PoC only currently patched examples.
Do not use any AIM 6 or higher client.
old PoC
http://before0day.com/Lists/Posts/Post.aspx?ID=3
references
http://www.wired.com/politics/security/news/2007/12/aim_hack
http://www.pronetworks.org/index.php/software-and-betas-news/847#comment-199
http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=41986&messageID=785355&start=-1
Michael Evanchik
http://before0day.com