AOL Instant Messenger未授权行为漏洞

漏洞信息详情

AOL Instant Messenger未授权行为漏洞

• CNNVD编号：CNNVD-200212-379
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-2169
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2002-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-02-13
  
• 厂        商：
  
  aol
• 漏洞来源：
  Discovery of this …

MacOS和Windows平台下的AOL Instant Messenger (AIM) 4.5和4.7版本存在跨站脚本攻击（XSS）漏洞。远程攻击者可以借助带有aim：URL的META HTTP-EQUIV=“refresh”标签的URL进行未授权活动，如在用户好友列表中添加好友和群组。

The vendor has fixed this issue in versions 4.8 and later of the AIM client software. The vendor addressed this issue by causing the user to be prompted whenever a change to the buddy list is about to be made.
AOL Instant Messenger is available for download from URL:
http://www.aim.com/index.adp

来源: BID
名称: 5246
链接:http://www.securityfocus.com/bid/5246

来源: www.mindflip.org
链接:http://www.mindflip.org/aim.html

来源: XF
名称: aim-http-refresh-functions(9616)
链接:http://www.iss.net/security_center/static/9616.php

来源: BUGTRAQ
名称: 20020716 AIM forced behavior “issue”
链接:http://online.securityfocus.com/archive/1/282443