New instant messenger exploit

Feb 19, 2004 4:14AM PST

Today a new exploit was released on the Bugtraq mailing list by Michael Evanchik that targets the very popular AOL Instant Messenger. This exploit is a combination of existing Internet Explorer vulnerabilities and a new predictable file location vulnerability in the AIM client.

PivX Solutions have analyzed this new exploit and the new AIM vulnerability and determined that locking down the My Computer zone in Internet Explorer completely mitigates the impact of this vulnerability. All of our existing Qwik-Fix users were proactively protected against this threat before it was ever announced.

We have crafted a response that details what this exploit is comprised of and how it works, including details about related vulnerabilities, which you can find at

http://www.pivx.com/larholm/list/pivx.02.19.2004.aimpredictablefilelocation.txt

If you have not already installed Qwik-Fix you can download it from

http://www.qwik-fix.net/

Most Secure Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
