AOL Instant Messenger "Away" Vulnerability

Discussion in 'other security issues & news' started by ronjor, Aug 9, 2004.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Description:
    Ryan McGeehan has reported a vulnerability in AOL Instant Messenger (AIM), which potentially can be exploited by malicious people to compromise a user's system.

    The vulnerability is caused due to a boundary error within the handling of "Away" messages and can be exploited to cause a stack-based buffer overflow by supplying an overly long "Away" message (about 1024 bytes). A malicious website can exploit this via the "aim:" URI handler by passing an overly long argument to the "goaway?message" parameter.

    Successful exploitation may allow execution of arbitrary code on a user's system when e.g. a malicious website is visited with certain browsers.

    The vulnerability has been confirmed in version 5.5.3595. Other versions may also be affected.

    http://secunia.com/advisories/12198/
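
The boundary check the advisory says is missing, sketched as an added C example (not AIM's code and not part of this thread). The URI shape `aim:goaway?message=`, the function names and the 1024-byte `AWAY_MAX` are assumptions built from the handler name, parameter name and length quoted above; the sample inputs in `main` are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define AWAY_MAX 1024 /* assumption: from the advisory's "about 1024 bytes" */

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Copy the percent-decoded "message" argument of an aim:goaway URI into out.
 * Returns the decoded length, -1 if uri is not an aim:goaway?message= URI,
 * or -2 if the decoded text does not fit (rejected outright, not truncated). */
long aim_goaway_message(const char *uri, char *out, size_t outsz) {
    static const char prefix[] = "aim:goaway?message=";
    size_t i, n = 0;
    if (outsz == 0) return -1;
    for (i = 0; prefix[i]; i++)          /* case-insensitive prefix match */
        if (tolower((unsigned char)uri[i]) != prefix[i]) return -1;
    for (const char *p = uri + i; *p && *p != '&'; p++) {
        int c = (unsigned char)*p;
        if (c == '%' && hexval((unsigned char)p[1]) >= 0 &&
            hexval((unsigned char)p[2]) >= 0) {
            c = hexval((unsigned char)p[1]) * 16 + hexval((unsigned char)p[2]);
            p += 2;
        } else if (c == '+') {
            c = ' ';
        }
        if (n + 1 >= outsz) {            /* keep one byte for the terminator */
            out[0] = '\0';
            return -2;
        }
        out[n++] = (char)c;              /* length is checked after decoding */
    }
    out[n] = '\0';
    return (long)n;
}

int main(void) {
    char buf[AWAY_MAX], uri[4096] = "aim:goaway?message=";
    printf("%ld\n", aim_goaway_message("AIM:GoAway?message=Out%20to+lunch", buf, sizeof buf));
    memset(uri + strlen(uri), 'A', 2000); /* oversized argument */
    printf("%ld\n", aim_goaway_message(uri, buf, sizeof buf));
    return 0;
}
```

The limit is applied to the decoded byte count, so a percent-encoded argument cannot slip past a check made on the raw URI length.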
     
  2. dog

    dog Guest

    Update/Fix - AOL Instant Messenger "Away" Vulnerability

    AIM Beta Fixes Security Hole
    August 10, 2004
    By Matt Hicks

    America Online Inc. has released a beta version of AOL Instant Messenger that fixes a critical security hole that could open users to remote attack.

    As previously reported, AOL had promised to fix the vulnerability in an upgraded version of AIM. On Tuesday, it made a test version of AIM 5.9 available for download for AIM (AOL Instant Messenger).

    Eweek Article
     