Bugtraq mailing list archives
AOL Instant Messenger
From: daniels () KAREMOR COM (Daniel P. Stasinski)
Date: Mon, 8 May 2000 11:08:44 -0700
When sending a file to someone using AOL's Instant Messenger program, the entire local path of your file is shown to the recipient. Not only is this an invasion of privacy, it also opens the door to known security holes in web browsers where access can be gained to specific files provided that you know the full path to those files, or guessed file names in that same path. AOL has not responded to my direct reports. Daniel
Current thread:
- Re: glibc resolver weakness Steven M. Bellovin (May 03)
- Re: glibc resolver weakness D. J. Bernstein (May 06)
- Re: glibc resolver weakness Gary Ellison (May 08)
- AOL Instant Messenger Daniel P. Stasinski (May 08)
- Re: AOL Instant Messenger Oppenheimer, Max (May 09)
- New Allaire Security Zone Bulletin Posted Aleph One (May 08)
- Advisory: Netopia R9100 router vulnerability Stephen Friedl (May 08)
- Re: Advisory: Netopia R9100 router vulnerability Gary L. Burnore (May 09)
- Re: Advisory: Netopia R9100 router vulnerability Rob Tashjian (May 10)
- Microsoft Security Bulletin (MS00-031) Microsoft Product Security (May 10)
- Re: Advisory: Netopia R9100 router vulnerability Jeffrey Paul (May 13)
- "ClientSideTrojan" bug Kragen Sitaker (May 09)
- Re: "ClientSideTrojan" bug David L. Nicol (May 11)
- Re: "ClientSideTrojan" bug Magosanyi Arpad (May 16)
- Re: Advisory: Netopia R9100 router vulnerability Gary L. Burnore (May 09)
(Thread continues...)