Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1999_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1999: Re: AOL Instant Messenger URL Crash

Re: AOL Instant Messenger URL Crash

Adam Herscher (adamAXISPRODUCTIONS.COM)
Wed, 21 Apr 1999 18:07:12 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Pascal DROUIN: "Re: Serious security holes in web anonimyzing services"
Previous message: Andy Church: "Re: Bash Bug"
Maybe in reply to: Adam Brown: "AOL Instant Messenger URL Crash"

>I'm sorry if I was unclear in my first post.  The only way I've seen to
>exploit this is to send someone a hyperlink in the form of
>aim:addbuddy?=screenname and have them click on it.  (replacing
"screenname"
>with an actual screen name seems to give the same result)  You can also set
>up a web page that will redirect your victim to a client crashing URL once
>they've caught on to your evil little scheme. :p  I set up an example of
>this at http://www.fazed.net/poof for testing purposes, of course.
>
>Adam Brown
>SpunOneIRC
>http://www.fazed.net
>http://www.webzone.net


This doesn't seem to work on the Mac versions (tested 2.01.644)

Adam Herscher (ajh-)

Next message: Pascal DROUIN: "Re: Serious security holes in web anonimyzing services"
Previous message: Andy Church: "Re: Bash Bug"
Maybe in reply to: Adam Brown: "AOL Instant Messenger URL Crash"