Security Incidents mailing list archives

AIM Backdoor?


From: <miked () rootdown net>
Date: Mon, 8 Apr 2002 20:19:12 -0600 (MDT)


Repost attempt, dunno why it didn't go through the first time.



I have had AIM installed here at work for a while. While trying to repair
the security zone settings on a user's PC by comparing them to my own, I
noticed that free.aol.com had been added to Internet Explorer's "Trusted
Sites" zone.

If a simple-minded user clicks one of the many "Free AOL and Unlimited
Internet" icons on their system, or one of the 5,800 links to this domain
that Google turns up, AOL can run the code of their choice without
prompting.

Anyone care to verify my findings or find a CSS vulnerability on
free.aol.com? Does an employee of AOL care to comment?

        -Mike


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
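
An added example, not part of the original post: one way to audit a workstation for the kind of entry described above. Internet Explorer stores site-to-zone assignments under the ZoneMap\Domains registry key, with zone 2 meaning Trusted sites. The script parses the text of a registry export of that key and reports every host mapped to zone 2 that is not on an approved list. The sample export, the function name and the allowlist parameter are constructed for illustration; the post does not say which hive or scheme the entry used.

```python
import re

ZONEMAP = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
TRUSTED = 2  # URL security zone 2 = Trusted sites

# Constructed sample in .reg export format (not taken from the post).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\free]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example]
"https"=dword:00000001
'''

def trusted_sites(reg_text, allowlist=()):
    """Return sorted (scheme, host) pairs mapped to Trusted sites and not allowlisted."""
    found = set()
    host = None
    for line in reg_text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            path = key.group(1)
            idx = path.lower().find(ZONEMAP.lower())
            host = None
            if idx != -1:
                # Layout is Domains\<domain>\<subdomain>, so reverse to get the host name.
                parts = [p for p in path[idx + len(ZONEMAP):].split("\\") if p]
                if parts:
                    host = ".".join(reversed(parts)).lower()
            continue
        # Value name is the scheme ("http", "https" or "*"); data is the zone number.
        val = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if val and host and int(val.group(2), 16) == TRUSTED:
            if host not in allowlist:
                found.add((val.group(1), host))
    return sorted(found)

if __name__ == "__main__":
    for scheme, host in trusted_sites(SAMPLE_REG):
        print(f"Trusted sites entry not on allowlist: {scheme}://{host}")
```

Run it against exports from both the per-user and per-machine hives, since either can hold zone mappings.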

