Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: AIM Backdoor?

AIM Backdoor?

From: <miked_at_rootdown.net>
Date: Mon, 8 Apr 2002 20:19:12 -0600 (MDT)

Repost attempt, dunno why it didnt go through the first time.

I have had AIM installed here at work for a while. While trying to repair
the security zone settings on a users PC by comparing them to my own, I
noticed that free.aol.com had been added to Internet Explorers "Trusted
Sites" zone.

If a simple minded user clicks one of the many "Free AOL and Unlimited
Internet" icons on their system, or one of the 5,800 links to this domain
that google turns up, AOL can run the code of their choice without
prompting.

Anyone care to verify my findings or find a CSS vulnerability on
free.aol.com? Does an employee of AOL care to comment?

        -Mike

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Apr 09 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos