|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
AIM 3.0
Paul Keefer (paul
KEEFER.ORG)
Thu, 28 Oct 1999 17:20:23 -0000
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Adolfo Soto: "Re: stealth executables"
- Previous message: CyberPsychotic: "Re: Accessing IE/Netscape incomming data"
- Next in thread: Aviram Jenik: "Re: AIM 3.0"
- Reply: Aviram Jenik: "Re: AIM 3.0"
- Reply: Blue Boar: "Re: AIM 3.0"
- Reply: Usman: "Re: AIM 3.0"
- Reply: esl: "Re: AIM 3.0"
I haven't seen any vulnerabilities listed for the version of
AIM that is shipping with Netscape 4.7, but I was wondering
if anyone had noticed the file transfer capabilities?
Basically it looks like a user can tell AIM to allow access
to any files that user has rights to. When another AIM
user either "gets" or "puts" a file, the transaction is
coordinated by the AIM server, and the transfer appears to
be initiated by the workstation serving the files.
I don't even want to think about the number of buffer
overruns and other bugs in this software just waiting to be
exploited.
- Next message: Adolfo Soto: "Re: stealth executables"
- Previous message: CyberPsychotic: "Re: Accessing IE/Netscape incomming data"
- Next in thread: Aviram Jenik: "Re: AIM 3.0"
- Reply: Aviram Jenik: "Re: AIM 3.0"
- Reply: Blue Boar: "Re: AIM 3.0"
- Reply: Usman: "Re: AIM 3.0"
- Reply: esl: "Re: AIM 3.0"
This archive was generated by hypermail 2.0b3 on Thu Oct 28 1999 - 13:54:06 CDT