Reported January 1, 2002, by Matt Conover.
VERSIONS AFFECTED
- AOL Instant Messenger 4.8 (Beta) and 4.7 for Windows
DESCRIPTION
A buffer overflow exists in AOL Instant Messenger (AIM) that an attacker can use to remotely execute commands on the vulnerable system. A buffer overrun condition in the parsing code used to parse game requests causes this vulnerability. Users can find details about this vulnerability on the discoverer’s Web site.
VENDOR RESPONSE
The vendor, AOL, has patched its servers to correct this vulnerability. AOL's servers now parse an overly long game request so that it no longer triggers the overflow on the AIM client.
CREDIT
Discovered by Matt Conover of w00w00 Security Development.