Hole in AOL Instant Messenger

[InterWN Labs <interwn () interwn nl>]

Hello all,

This morning I noticed something while playing
around with the aim:AddBuddy hyperlink for AIM.
If you add many characters separated by commas
you can crash the aim when a user clicks it.

An example:

aim:AddBuddy?
ScreenName=InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,I
nterWN,InterWN,InterWN,InterWN,InterWN,InterWN&groupname=Int
erWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN,InterWN
,InterWN,InterWN,InterWN,InterWN

It causes an error in OSCORE.DLL and which
then causes Instant Messenger to crash.  If
anyone is willing to work with me do a
little further research on the problem just let
me know.

Obviously no one would click that link about,
but you can hide it with the make a link option
aim has in the window.

Thanx a lot.

philer
www.interwn.nl