RE: AIM including the beta 4.8.2646 Local/Remote Buffer Oveflow

["John Adair" <J.Adair () SempermedUSA com>]

eSafe Gateway(tm) has scanned this mail for viruses, vandals and 
suspicious attachments and has found it to be CLEAN.

File: smime.p7s (2,256 bytes)
Encoding: Base64
Result: Clean.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If anyone wants the dump file please e-mail me off list. I was able to
overwrite the edi, but I am sure we can find more given enough
research.vuln-dev () securityfocus com

I'm at work so I can't look into this issue too much, but here is what I
found in a couple of minutes. I was able to craft my link to overwrite a
few registers on the stack. I attached the dump I got from my first
test. I used a larger buffer than what the advisory stated, but not much
larger. On a side note, I had to reboot to get AIM to startup again and
when I tried starting it up again (before the reboot) my machine froze.
On another machine it crashed the entire system when Dr Watson was
generating the dump file.

- - -
Opinions expressed do not necessarily represent the views of my employer.

This message and any attachment are confidential and may be privileged or
otherwise protected from disclosure. If you are not the intended
recipient, please telephone, fax or e-mail to the sender without delay.
Return this message or delete this message and any attachment from your
system as per our request. If you are not the intended recipient you must
not copy this message or attachments or disclose the contents to any other
person.

Attachment: smime.p7s
Description: