Thursday, 27 September 2007
Now AIM IM Vulnerable To Attacks
|
| |
After Yahoo and Microsoft, the instant messaging service from AOL that is now at a risk of being attacked. AOL Instant Messenger (AIM), which is used by millions of people across the world... |
| |
|
| |
After Yahoo and Microsoft, the instant messaging service from AOL that is now at a risk of being attacked. AOL Instant Messenger (AIM), which is used by millions of people across the world is at a risk of attacks via flaws in AIM 6.1, AIM beta 6.2, AIM Pro and AIM Lite, according to researchers at Core Security.
Core Security researchers said, the flaw that exists in AIM's HTML rendering function that relies on an embedded Internet Explorer server control allows an attacker to deliver malicious HTML code as part of a conversation. This lets an attacker to exploit IE without user interaction, or target security configuration weaknesses in the browser.
Researchers at CoreLabs said they were also able to exploit IE bugs without user interaction and to inject scripting code into the embedded IE control of the AIM client.
Other flaws included remote exploitation of ActiveX controls in the corresponding security zone and cross-site request forgery and token and cookie manipulation using embedded HTML. |
| |
|
|
| |
|
|
| |
|
|
| |
|
