AOL Instant Messenger has been found to contain a vulnerability that allows a remote attacker to cause it to execute programs when a user clicks on a not-so-specially crafted hypertext link.

Credit:
The information has been provided by Blud Clot.
Vulnerable systems:
* AOL Instant Messenger 4.8.2790
Immune systems:
* AOL Instant Messenger 4.7.2480
* AOL Instant Messenger 5.0.2938
When a malicious user sends a link pointing to an executable file and a victim clicks on said link, the file will be executed without any warning prompts. The URL simply points to the filename. However, certain characters are not allowed, including spaces. Thus the attacker is limited to running files on the same partition as the current directory and/or system folders. Since an attacker doesn't know the current directory, they are likely to begin the URL with a few "../../../../" to get to the root of the partition.
Spaces cannot be entered; however, this can be worked around by using DOS short filenames: i.e. "program files" becomes "progra~1". Here are a few examples:
<a href = "notepad.exe">hi</a>
<a href ="../../../../progra~1/trojan/trojan.exe">www.google.com</a>
<a href ="../../../../you/get/the/point/exampl~1.exe">blah</a>
All of these examples would run the program specified if the victim were to click on them.
Solution:
Upgrade or downgrade to any version of AIM other than 4.8.2790. Always check hyperlink URLs before clicking on them.
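
The manual link check recommended above can be automated for received message HTML. The following is an added example, not part of the original advisory or of AIM: it flags links that have no http(s) scheme and therefore resolve to a local file, and it also checks for visible text that imitates a different URL. The function names, allowed schemes and extension list are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumption: only web links are expected
EXEC_EXT = re.compile(r"\.(exe|com|bat|cmd|pif|scr)$", re.I)  # assumed list
SHORT_NAME = re.compile(r"~\d")       # DOS short-name marker, as in progra~1

class AnchorCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_link(href, text):
    """Return the reasons a link should not be handed to the OS shell."""
    reasons = []
    if urlsplit(href).scheme.lower() not in ALLOWED_SCHEMES:
        reasons.append("local-path")          # no scheme: treated as a filename
        if ".." in href.replace("\\", "/").split("/"):
            reasons.append("traversal")
        if SHORT_NAME.search(href):
            reasons.append("short-name")
        if EXEC_EXT.search(urlsplit(href).path):
            reasons.append("executable")
    if re.match(r"(?i)(https?://|www\.)", text) and text.lower() not in href.lower():
        reasons.append("text-mismatch")       # text imitates a different URL
    return reasons

def audit_message(html):
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    return {href: audit_link(href, text) for href, text in parser.links}

# The advisory's three links plus one constructed benign link.
SAMPLE = ('<a href = "notepad.exe">hi</a>'
          '<a href ="../../../../progra~1/trojan/trojan.exe">www.google.com</a>'
          '<a href ="../../../../you/get/the/point/exampl~1.exe">blah</a>'
          '<a href="http://www.example.com/">www.example.com</a>')
```

Calling audit_message(SAMPLE) returns a non-empty reason list for each of the advisory's three links and an empty list for the benign one.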