[10315] in bugtraq
Re: AOL Instant Messenger URL Crash
daemon@ATHENA.MIT.EDU (Adam Herscher)
Thu Apr 22 13:27:40 1999
Date: Wed, 21 Apr 1999 18:07:12 -0700
Reply-To: Adam Herscher <adam@AXISPRODUCTIONS.COM>
From: Adam Herscher <adam@AXISPRODUCTIONS.COM>
To: BUGTRAQ@NETSPACE.ORG
>I'm sorry if I was unclear in my first post. The only way I've seen to
>exploit this is to send someone a hyperlink in the form of
>aim:addbuddy?=screenname and have them click on it. (replacing
"screenname"
>with an actual screen name seems to give the same result) You can also set
>up a web page that will redirect your victim to a client crashing URL once
>they've caught on to your evil little scheme. :p I set up an example of
>this at http://www.fazed.net/poof for testing purposes, of course.
>
>Adam Brown
>SpunOne@IRC
>http://www.fazed.net
>http://www.webzone.net
This doesn't seem to work on the Mac versions (tested 2.01.644)
Adam Herscher (ajh-)
