Subscribe to Windows IT Pro
January 24, 2001 12:00 AM

AOL Instant Messenger May Run Java or VBScript

Steve Manzuik
Windows IT Pro
InstantDoc ID #19811
Rating: (0)

Reported January 24, 2001, by Win2KsecAdvice.

VERSIONS AFFECTED

  • AOL Instant Messenger

DESCRIPTION

A vulnerability in the current versions of AOL Instant Messenger has been discovered that lets a malicious user launch harmful Java or VBScript code. By exploiting the method in which Instant Messenger handles imbedded images, an attacker can embed Java or VBScript code to be executed when a user saves the chat conversation.

VENDOR RESPONSE

AOL was notified on January 18, 2001, and did not respond publicly.

CREDIT
Discovered by Don't Know Guilt.

Related Content:

ARTICLE TOOLS

Comments
Add A Comment
  • Richard E Turner
    8 years ago
    Apr 26, 2004

    I am told I need to get onto aol's Java, have you taken care of the problem? There is no sense getting onto it if its nothing but trouble. And which Java does this computer need, there are so many different names.

You must log on before posting a comment.

Are you a new visitor? Register Here

advertisement

advertisement

Dev Pro Left-Brain SharePoint Pro SQL Server Pro SuperSite for Windows Windows IT Pro

© 2012 Penton Media, Inc.

Home About Us Advertise Customer Service Privacy Statement Subscribe/Renew Terms Of Use

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.