Bugtraq mailing list archives

RE: Trillian Remote DoS Attack - AIM

From: "Eric Stevens" <mightye () mightye org>
Date: Tue, 24 Sep 2002 13:38:11 -0400

Tried unsuccessfully to replicate on Trillian 0.73, sending from Trillian
Pro 1.0.  Sent
P > O < C
by itself.  Sent during both encrypted, and non-encrypted sessions.  No
crash reported on either end.

-MightyE

-----Original Trimmed Message-----
From: Spikeman [mailto:spikeman () computersecuritynow com]
Subject: Trillian Remote DoS Attack - AIM


#########################
# Offending Data String #
#########################
Send a AOL IM to someone with this string anywhere in the message
(the spaces must be there)

P > O < C

And it will cause the application to crash. Other data strings do work IE
ee > 3e < 3dsaf
3 > 3 < 3
computer > security < now

Current thread:

Trillian Remote DoS Attack - AIM Spikeman (Sep 23)
- <Possible follow-ups>
- RE: Trillian Remote DoS Attack - AIM Joshua Wright (Sep 24)
- RE: Trillian Remote DoS Attack - AIM Eric Stevens (Sep 24)