Repost attempt, dunno why it didnt go through the first time. I have had AIM installed here at work for a while. While trying to repair the security zone settings on a users PC by comparing them to my own, I noticed that free.aol.com had been added to Internet Explorers "Trusted Sites" zone. If a simple minded user clicks one of the many "Free AOL and Unlimited Internet" icons on their system, or one of the 5,800 links to this domain that google turns up, AOL can run the code of their choice without prompting. Anyone care to verify my findings or find a CSS vulnerability on free.aol.com? Does an employee of AOL care to comment? -Mike ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Apr 09 2002 - 08:33:37 PDT