Skip navigation
Menu
Security

Buffer Overflow in America Online Instant Messenger

Reported January 1, 2002, by Matt Conover.

VERSIONS AFFECTED

  • AOL Instant Messenger 4.8 (Beta) and 4.7 for Windows

 

DESCRIPTION

A buffer overflow exists in AOL Instant Messenger (AIM) that an attacker can use to remotely execute commands on the vulnerable system. A buffer overrun condition in the parsing code used to parse game requests causes this vulnerability. Users can find details about this vulnerability on the discoverer’s Web site.

 

VENDOR RESPONSE

 

The vendor, AOL, has patched its servers to correct this vulnerability. AOL's servers now have an overly long game request parsed so that the vulnerability no longer triggers the overflow on the AIM client.

 

CREDIT
Discovered by Matt Conover of w00w00 Security Development.

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024
cleaning products
6 Essential Steps for Spring Cleaning Your Website
Mar 21, 2024