Bugtraq mailing list archives

RE: Trillian Remote DoS Attack - AIM


From: "Joshua Wright" <Joshua.Wright () jwu edu>
Date: Tue, 24 Sep 2002 08:43:18 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I was unable to reproduce a Trillian crash in this manner.

Using Trillian 0.74b on Windows XP sp1, test client Windows 2000 sp2
using AOL IM 5.0.2938.

Sent strings "P > O < C", "ee > 3e < 3dsaf", "3 > 3 < 3", "computer >
security < now" using a variety of fonts in AOL IM.  Did not see a
significant jump in CPU or memory utilization.

- -Joshua Wright
Team Leader, Networks and Systems
Johnson & Wales University
Joshua.Wright () jwu edu 

pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73



Impact
Trillian crashes and you have to restart. Bonus is if you
keep crashing the person, AIM services will ban them for
login flooding (Timed Ban).


#########################
# Offending Data String #
#########################
Send an AOL IM to someone with this string anywhere in the message
(the spaces must be there)

P > O < C

And it will cause the application to crash. Other data strings do
work, i.e.:
ee > 3e < 3dsaf
3 > 3 < 3
computer > security < now


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPZBd5o/i/ArUS0pzEQK2KwCePKyvZfvNAiCnhzlAWgsuCsDiGkEAoPs7
oWbp8KSm0iK89qcb+xc3Vg7w
=DdUp
-----END PGP SIGNATURE-----

