Buffer Overflow in America Online Instant Messenger

Reported January 1, 2002, by Matt Conover.

VERSIONS AFFECTED

  • AOL Instant Messenger 4.8 (Beta) and 4.7 for Windows

DESCRIPTION

A buffer overflow exists in AOL Instant Messenger (AIM) that an attacker can use to remotely execute commands on the vulnerable system. The vulnerability is caused by a buffer overrun in the code that parses game requests. Details about this vulnerability are available on the discoverer’s Web site.

VENDOR RESPONSE

The vendor, AOL, has patched its servers to correct this vulnerability. AOL's servers now parse overly long game requests so that they no longer trigger the overflow on the AIM client.

CREDIT

Discovered by Matt Conover of w00w00 Security Development.
