Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: AIM 3.0 Buffer Overflow exploit

From: mowse () MOWSE NE MEDIAONE NET (- -)
Date: Wed, 22 Mar 2000 05:44:24 -0000

http://www.ozemail.com.au/~geoffch/security/aim/preliminary.
htm

Don't know much about it except that it's perhaps sending an
invalid ascii or unicode character, but if you send "̂"
(no quotes) to a remote user, it will crash their AIM
session, and possibly their computer.

This bug does not exist in 3.5, and if you download 3.0
today, AOL has fixed this hole w/o telling anyone about it
(i.e. if you downloaded 3.0 in the not recent past, you will
be vulnerable).

If the "attacker" is running the unpatched AIM, it will
crash his/her computer as well.

gAIM doesn't have this vulnerability.
Previous By Date Next
Previous By Thread Next

Current thread: