Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: AIM 3.0 Buffer Overflow exploit

From: science () BCITY EFINGHAM K12 IL US (Jamal Hendershot)
Date: Sun, 19 Mar 2000 14:55:32 -0500

Here's a list of versions reported to be affected by this bug, which was
sent to Bugtraq two weeks ago:
2.5.1366
2.5.1598
3.0.1470
3.5.1635
3.5.1670
3.5.1808


-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of
lewkir () YAHOO COM
Sent: Friday, March 17, 2000 12:33 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: AIM 3.0 Buffer Overflow exploit


Don't know much about it except that it's perhaps sending an
invalid ascii or unicode character, but if you send "̂"
(no quotes) to a remote user, it will crash their AIM
session, and possibly their computer.

This bug does not exist in 3.5, and if you download 3.0
today, AOL has fixed this hole w/o telling anyone about it
(i.e. if you downloaded 3.0 in the not recent past, you will
be vulnerable).

If the "attacker" is running the unpatched AIM, it will
crash his/her computer as well.

gAIM doesn't have this vulnerability.
Previous By Date Next
Previous By Thread Next

Current thread: