Reported January 1, 2002, by Matt Conover.
AOL Instant Messenger 4.8 (Beta) and 4.7 for Windows
A buffer overflow exists in AOL Instant Messenger (AIM) that an attacker can use to remotely execute commands on the vulnerable system. The vulnerability is caused by a buffer overrun in the code that parses game requests. Details about this vulnerability are available on the discoverer’s Web site.
The vendor, AOL, has patched its servers to correct this vulnerability. AOL's servers now parse overly long game requests so that they no longer trigger the overflow on the AIM client.