AIM Bug

From: Dave B. (bzerobat_private)
Date: Sun Nov 24 2002 - 18:15:53 PST

Next message: Jouko Pynnonen: "Netscape 4 Java buffer overflow"

Previous message: Paul Szabo: "Re: d_path() truncating excessive long path name vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Major AIM Bug Courtesy Of Infested Nexus --- AIM: Infested Nexus. I have =
uncovered a bug in America Online's AIM service, which can allow a =
normal user to be able to transfer any file onto another users computer =
without consent. This works using the 'get file' feature. If a user has =
the option to allow others to get files without a prompt this hack can =
be executed. After downloading the USERX.lst file - end the file =
connection. Then name any file you wish to send and rename it USERX.lst =
and use the "send file" feature. The file will immediately begin =
transferring without asking for authentication on USERX's computer - =
though they will see the download box. I have tested this on a number of =
people who were away from their computer and it has worked. Tested on =
AIM 5.0.2938. If you go further with this exploit please give credit to =
Infested Nexus. ---- Infested Nexus AIM: Infested Nexus 

Be well!
~Dave

Next message: Jouko Pynnonen: "Netscape 4 Java buffer overflow"
Previous message: Paul Szabo: "Re: d_path() truncating excessive long path name vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Nov 30 2002 - 12:06:21 PST