AOL Instant Messenger "Away" Vulnerability


ronjor
August 9th, 2004, 09:06 AM
Description:
Ryan McGeehan has reported a vulnerability in AOL Instant Messenger (AIM), which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the handling of "Away" messages and can be exploited to cause a stack-based buffer overflow by supplying an overly long "Away" message (about 1024 bytes). A malicious website can exploit this via the "aim:" URI handler by passing an overly long argument to the "goaway?message" parameter.

Successful exploitation may allow execution of arbitrary code on a user's system when e.g. a malicious website is visited with certain browsers.

The vulnerability has been confirmed in version 5.5.3595. Other versions may also be affected.

http://secunia.com/advisories/12198/

dog
August 11th, 2004, 05:01 AM
AIM Beta Fixes Security Hole
August 10, 2004
By Matt Hicks

America Online Inc. has released a beta version of AOL Instant Messenger that fixes a critical security hole that could open users to remote attack.

As previously reported, AOL had promised to fix the vulnerability in an upgraded version of AIM. On Tuesday, it made a test version of AIM 5.9 available for download (http://www.aim.com/get_aim/win/win_beta.adp) for AIM (AOL Instant Messenger)

Eweek Article (http://www.eweek.com/print_article/0,1761,a=133257,00.asp)