[26240] in bugtraq
Re: AIM forced behavior "issue" Re:ICQ and MSIE allow execution
daemon@ATHENA.MIT.EDU (rwertenb@MIT.EDU)
Sat Jul 20 12:15:57 2002
Date: 20 Jul 2002 15:37:51 -0000
Message-ID: <20020720153751.14127.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <rwertenb@MIT.EDU>
To: bugtraq@securityfocus.com
In-Reply-To: <002901c22e2d$733822e0$6401a8c0@BOJO>

FYI: This vulnerability affects older versions of AIM on
the Macintosh as well. I am running 4.3.1232 and the
test (http://www.mindflip.org/aimrefresh/) was able to
add buddies when I was logged in.

When I logged out and retested I received an error
message stating the process required me to log in and
that if I stored my password this could happen
automatically in the future.

Yet another reason not to have applications remember
passwords.