Reported January 24, 2001, by Win2KsecAdvice.
- AOL Instant Messenger
A vulnerability has been discovered in the current versions of AOL Instant Messenger that lets a malicious user launch harmful Java or VBScript code. By exploiting the way Instant Messenger handles embedded images, an attacker can embed Java or VBScript code that executes when a user saves the chat conversation.
AOL was notified on January 18, 2001, and did not respond publicly.
Discovered by Don't Know Guilt.