File Archive


You can also get these advisories in plain text in the files/advisories directory.


Multiple Microsoft Products on Mac OS
w00w00 released a vulnerability that occurs in Internet Explorer and multiple products in the Microsoft Office suite on Mac OS. The most several vulnerability can occur by a user simply clicking an email. The implications (such as a worm) depend on how widespread the usage of the mail clients (Entourage/Outlook Express) on Mac OS is.

AOL Instant Messenger
w00w00 released a serious vulnerability in the latest stable (4.7) and beta versions (4.8) of AOL Instant Messenger. Most versions prior to 4.7 are also vulnerable. This is a serious vulnerability that leaves AIM's users vulnerable to remote penetration.

UPDATE: AOL has fixed the problem. Here are some links about the fix:
The Register
San Jose Mercury News

Here are the articles posted about this vulnerability (in no particular order):
Washington Post 1
Washington Post 2
FOX News
The Register

w00giving '99

#1: UnixWare 7's dtappgather
#2: Ipswitch's IMail POP3 server (Windows)
#3: UnixWare 7's /var/sadm permissions
#4: VNC 3.3.2 R6 (Windows/Unix)
#5: UnixWare 7's su
#6: UnixWare 7's Xsco
#7: UnixWare 7's xlock
#8: Solaris 2.7's snoop
#9: Infoseek's Ultraseek (eEye/USSR)
#10: IMail's password encryption (Windows)
#11: Norton Antivirus' POProxy

Other w00w00 Advisories

[dalnet] ircd remote vulnerability
It was pointed out that other irc servers such as Icenet (and Darknet?) were vulnerable.

S/Key & OPIE database vulnerability
VMware 1.1.2 vulnerability
vpopmail vulnerability
Spank attack (new-breed raped/stream)