|
|
CVE Reference: CVE-2007-4901 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-4901 |
|
|
Description: The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC. |
|
|
CVE Status: Candidate |
|
|
References: SREASON http://securityreason.com/securityalert/3136 SAID Secunia Advisory: SA26786 MISC http://aviv.raffon.net/2007/09/25/ReadyAIMFire.aspx http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1924 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/480647/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/480587/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/479435/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/479199/100/0/threaded BID 25659 |
|
| Return to the previous page. |
