[Am-info] MICROSOFT & AOL

[Fred Miller]

MICROSOFT & AOL

Security experts have found that AOL instant messenger can
be used to fool Microsoft Internet Explorer into running a
program masking itself as a false Web site page.  Internet
Explorer executes files marked as Web pages (.html) even if
the files are actually virus programs.  Testers used AOL
instant messenger to send the false Web page to the victim
machine that then ran the program.  Experts caution that
there are ways other than using AOL to send a false Web
page to the victim.  The vulnerable systems tested are:

* Microsoft Internet Explorer 6.0 (lower was not tested)
* Microsoft Windows XP Pro
* Microsoft Windows XP Home
* Microsoft Windows 2003 Server Enterprise
* AOL Instant Messenger 5.5 to 4.3 tested

-- 
"...Linux, MS-DOS, and Windows XP (also known as the Good, the Bad, and
the Ugly)."