Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
A vulnerability in the current versions of AOL Instant Messenger has been discovered that lets a malicious user launch harmful Java or VBScript code.
January 23, 2001
ReportedJanuary 24, 2001, byWin2KsecAdvice.
VERSIONS AFFECTED
AOL Instant Messenger
DESCRIPTION
A vulnerability in the currentversions of AOL Instant Messenger has been discovered that lets a malicious userlaunch harmful Java or VBScript code. By exploiting the method in whichInstant Messenger handles imbedded images, an attacker can embed Java orVBScript code to be executed when a user saves the chat conversation.
VENDORRESPONSE
AOL was notified on January 18, 2001, and did notrespond publicly.
CREDIT
Discovered byDon't Know Guilt.
You May Also Like