Home page logo

bugtraq logo Bugtraq mailing list archives

Re: more Netscape 4.07 javascript security
From: hight1mez () HOTMAIL COM (HIGH TIMES)
Date: Sat, 10 Oct 1998 19:31:59 PDT

The A-TEAM Presents...
Date: 10/10/98
Advisory#: 01
Author: JOHN BISSELL <hight1mez () hotmail com>

There is a big security problem in America OnLine 4.x which allows
anybody to remotely crash AOL 4.x software by sending Email which AOL
software does not know how to handle and thus causes an invalid page
fault in module AOLRICH.AOL!

The exploit in essence is too send a email message to a America OnLine
user with a [ background ] image that has a 255 character name. This
could be created in America OnLine's own Email message composer or
perhaps in a Email program that allows HTML formatting. There might be
potential for remote execution of unauthorized code.

America OnLine 4.x software does a good job by warning the user before
opening the Email message that the evil message sent contains a picture
that could cause trouble for the reader.

NOTE: I have notifyed AOL about this problem so they should address
this issue very soon. hopefully!



Get Your Private, Free Email at http://www.hotmail.com

  By Date           By Thread  

Current thread:
  • Re: more Netscape 4.07 javascript security HIGH TIMES (Oct 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]