America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution
From: evanchik@xxxxxxxxx
Date: 21 Dec 2007 23:15:55 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Sorry for the brief post but Im still able to bypass filters that aol has put 
in place.  So again with frustration I come to FD to imply pressure on a 
company to patch correct.  From reading feedback from AOL they feel the 
vulnerability is put to bed and requires no more attention.

I am not posting 0day PoC only currently patched examples.  

Do not use any AIM 6 or higher client.

old PoC 
http://before0day.com/Lists/Posts/Post.aspx?ID=3


references
http://www.wired.com/politics/security/news/2007/12/aim_hack

http://www.pronetworks.org/index.php/software-and-betas-news/847#comment-199

http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=41986&messageID=785355&start=-1



Michael Evanchik
http://before0day.com

Prev by Date: Word 2003 denial of service
Next by Date: Microsoft Office Publisher
Previous by thread: Word 2003 denial of service
Next by thread: Microsoft Office Publisher
Index(es):
- Date
- Thread