[26813] in bugtraq


Re: AOL Instant Messenger Heap Overflow

daemon@ATHENA.MIT.EDU (JasonBrown777@netscape.net)
Mon Aug 26 11:54:43 2002

Date: 25 Aug 2002 18:27:39 -0000
Message-ID: <20020825182739.9299.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <JasonBrown777@netscape.net>
To: bugtraq@securityfocus.com

In-Reply-To: <000601c24b06$379e3f80$e62d1c41@kc.rr.com>

> The previously reported AOL Instant Messenger heap overflow is restricted
> to the "goim" handler.  The unchecked escaping is performed on the
> "screenname" query string parameter.  The vulnerability is exploited
> when the user clicks "Get Info" to request information on the buddy.
>
> AIM dies with an access violation when trying to execute 0x656C6261.  As
> there is nothing stored there, AIM faults and dies:



What version of AIM is required for this?  Does it happen in the latest 
5.0.2916 beta (http://www.aim.com/get_aim/win/win_beta.adp) or in the 
4.8.2790 GM version (http://ftp.newaol.com/aim/win95/Install_AIM.exe)?
