-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone,
It has recently come to my attention that the buffer overflowing affecting aim is still remotely exploitable. I just thought that I would let the list know that CONTARY TO PUBLISHED REPORTS the vulnerability is still being actively exploited. I did a little testing at home and it seems the newest version of the aim client (4.8.2646) is NOT vulnerable. I would also like to point out that this is a great reason why shortcuts and security just don't play nicely together. Instead of fixing and making a big point to let everyone know about the vulnerability (as in we messed up but most software companies do, here's a patch or you MUST download the newest version,) AOL took the easy way out and claimed to fix the problem at the server. Bull-cocky. If the problem is fixed at the server how come I am still able to kick people off with aimfilter? (rhetorical ;) D'oh! AOl's engineers or Oracle's engineers; who is doing worse in the month of January? One is breakable the other is remotely exploitable. Hehe Cheers to the group, Leon -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPFf/htqAgf0xoaEuEQL3zQCg69Gd7PbfHwxWMBL/E2QzTICqeuMAoKQl /iQO3DkBt8aDMcymoh+84IiD =uNkL -----END PGP SIGNATURE-----
