Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18718
HistoryDec 24, 2007 - 12:00 a.m.

America Online AOL Instant Messenger AIM6.0 or 6.5 or higher XSS remote execution

2007-12-2400:00:00
vulners.com
84
JSON

Sorry for the brief post but Im still able to bypass filters that aol has put in place. So again with frustration I come to FD to imply pressure on a company to patch correct. From reading feedback from AOL they feel the vulnerability is put to bed and requires no more attention.

I am not posting 0day PoC only currently patched examples.

Do not use any AIM 6 or higher client.

old PoC
http://before0day.com/Lists/Posts/Post.aspx?ID=3

references
http://www.wired.com/politics/security/news/2007/12/aim_hack

http://www.pronetworks.org/index.php/software-and-betas-news/847#comment-199

http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=41986&messageID=785355&start=-1

Michael Evanchik
http://before0day.com

JSON