[10301] in bugtraq
Re: AOL Instant Messenger URL Crash
daemon@ATHENA.MIT.EDU (Daniel Reed)
Wed Apr 21 19:56:17 1999
Date: Tue, 20 Apr 1999 16:24:02 -0400
Reply-To: Daniel Reed <djr@NARNIA.N.ML.ORG>
From: Daniel Reed <djr@NARNIA.N.ML.ORG>
X-To: Adam Brown <mad@SKILL.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199904200259.WAA04731@netspace.org>
On Mon, 19 Apr 1999, Adam Brown wrote:
) There is a bug in the newer versions of AOL's Instant Messenger that will
) cause the client to crash when exploited. All builds of version 2.0 that
) I've tested seem to be vulnerable, although I have not done extensive
) version testing. AOL was notified of this about two weeks ago. To exploit
) this bug, send a hyperlink in this format: aim:addbuddy?=screenname
I just sent <a href="aim:addbuddy?=screenname">what does this show up as</a>?
to an AOL AIM 2.0.996 user and once she *clicked* on it AIM crashed. I don't
know if you meant to say that the user had to click on it for the client to
crash, or if this is indeed different behaviour. I also just tried it with
"screenname" replaced with first her screenname, and then with mine, again
with no automatic reaction.
(sent from linuxkitty, a naim-0.9.4-parse2 user, to <victim>, an AOL AIM
2.0.996 user)
[15:59:43] linuxkitty: [LINK:href="aim:addbuddy?=screenname":what does this show up as]?
[16:00:23] Friend <victim> has just logged off :(
[16:03:09] Friend <victim> is now online =)
[16:14:14] linuxkitty: [LINK:href="aim:addbuddy?=<victim>":miaow miaow] (don't click on that, I'm just testing something)
[16:14:50] linuxkitty: [LINK:href="aim:addbuddy?=linuxkitty":another test...]
--
Daniel Reed <n@ml.org>
Many a false step is made by standing still...
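
A receiving-side check for the link shape reported in this thread, as an added example that is not part of the original posts: it flags and blanks `aim:` hrefs whose query contains a field with no name before the `=`. The thread does not identify the root cause, so treating that shape as the indicator is an assumption, and the function names are hypothetical.

```python
import re

# href values as they appear in HTML anchors or in naim's
# [LINK:href="...":text] log rendering (the format shown in the post above)
HREF_RE = re.compile(r'href="([^"]*)"', re.IGNORECASE)

def has_unnamed_param(href):
    """True for an aim: URI whose query contains a field like '=value'."""
    scheme, colon, rest = href.partition(":")
    if not colon or scheme.lower() != "aim":
        return False
    _action, _, query = rest.partition("?")
    for field in query.split("&"):
        name, eq, _value = field.partition("=")
        # Assumption: an '=' with nothing before it is the shape to flag
        if eq and name.strip() == "":
            return True
    return False

def flag_links(message):
    """Return every href in the message that matches the reported shape."""
    return [h for h in HREF_RE.findall(message) if has_unnamed_param(h)]

def defang(message):
    """Replace matching hrefs with an empty href; leave other links intact."""
    def repl(m):
        return 'href=""' if has_unnamed_param(m.group(1)) else m.group(0)
    return HREF_RE.sub(repl, message)

# Sample input: the first two come from the post, the last is constructed.
SAMPLES = [
    '<a href="aim:addbuddy?=screenname">what does this show up as</a>?',
    '[LINK:href="aim:addbuddy?=linuxkitty":another test...]',
    '<a href="aim:goim?screenname=linuxkitty&message=hi">constructed benign link</a>',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(flag_links(s), "->", defang(s))
```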