Skip navigation
Menu
Security

AOL Instant Messenger May Run Java or VBScript

Reported January 24, 2001, by Win2KsecAdvice.

VERSIONS AFFECTED

  • AOL Instant Messenger

DESCRIPTION

A vulnerability in the current versions of AOL Instant Messenger has been discovered that lets a malicious user launch harmful Java or VBScript code. By exploiting the method in which Instant Messenger handles imbedded images, an attacker can embed Java or VBScript code to be executed when a user saves the chat conversation.

VENDOR RESPONSE

AOL was notified on January 18, 2001, and did not respond publicly.

CREDIT
Discovered by Don't Know Guilt.

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading