Back to list
AIM Arbitrary HTML Display in Notification Window
Sep 12 2007 01:16AM
shell dotshell net
Arbitrary HTML can be readily displayed in notification windows generated
by AOL Instant Messenger when the window of origin is not the main focus.
This vulnerability is known to be present at least in version 184.108.40.206
(which is the current release). It appears to display any form of
HTML-compliant code. More details can be provided on request.
Discovery credited to:
Shell ( dotshell.net, shell6 (at) gmail (dot) com [email concealed], shell (at) dotshell (dot) net [email concealed])
Lone (Lone-Matrix.com, Lone (at) Lone-Matrix (dot) com [email concealed] )
[ reply ]
Copyright 2010, SecurityFocus