AOL Instant Messenger通知窗口远程脚本执行漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1189138 漏洞类型 设计错误
发布时间 2007-09-13 更新时间 2007-10-10
CVE编号 CVE-2007-4901 CNNVD-ID CNNVD-200709-187
漏洞平台 N/A CVSS评分 5.8
|漏洞来源
https://www.securityfocus.com/bid/25659
https://cxsecurity.com/issue/WLB-2007090053
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200709-187
|漏洞详情
AOLInstantMessenger是一款在线即时聊天工具。AIM在处理消息窗口时存在漏洞,可能导致信息泄露及代码执行。为了支持渲染HTML内容,AOLInstantMessaging软件客户端使用了嵌入的InternetExplorer服务器协议,但没有正确的过滤恶意输入内容,因此攻击者可以在IM消息中提供恶意的HTML内容来利用InternetExplorer的bug或安全配置弱点,导致注入并执行任意代码或伪造跨站请求。
|漏洞EXP
Arbitrary HTML can be readily displayed in notification windows generated
by AOL Instant Messenger when the window of origin is not the main focus.
This vulnerability is known to be present at least in version 6.1.41.2
(which is the current release). It appears to display any form of
HTML-compliant code. More details can be provided on request.

Discovery credited to:
Shell ( dotshell.net, shell6 (at) gmail (dot) com [email concealed], shell (at) dotshell (dot) net [email concealed])
Lone (Lone-Matrix.com, Lone (at) Lone-Matrix (dot) com [email concealed] )
|受影响的产品
AOL Instant Messenger 6.1.41 .2 AOL Instant Messenger Pro AOL Instant Messenger Lite AOL Instant Messenger 6.1.32.1
|参考资料

来源:BID
名称:25659
链接:http://www.securityfocus.com/bid/25659
来源:BUGTRAQ
名称:20070925RE:CORE-2007-0817:RemoteCommandexecution,HTMLandJavaScriptinjectionvulnerabilitiesinAOL'sInstantMessagingsoftware
链接:http://www.securityfocus.com/archive/1/archive/1/480647/100/0/threaded
来源:BUGTRAQ
名称:20070925CORE-2007-0817:RemoteCommandexecution,HTMLandJavaScriptinjectionvulnerabilitiesinAOL'sInstantMessagingsoftware
链接:http://www.securityfocus.com/archive/1/archive/1/480587/100/0/threaded
来源:BUGTRAQ
名称:20070914AIMLocalFileDisplayinNotificationWindow
链接:http://www.securityfocus.com/archive/1/archive/1/479435/100/0/threaded
来源:BUGTRAQ
名称:20070912AIMArbitraryHTMLDisplayinNotificationWindow
链接:http://www.securityfocus.com/archive/1/archive/1/479199/100/0/threaded
来源:MISC
链接:http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1924
来源:SREASON
名称:3136
链接:http://securityreason.com/securityalert/3136
来源:SECUNIA
名称:26786
链接:http://secunia.com/advisories/26786
来源:MISC
链接:http://aviv.raffon.net/