Reported October 3, 2001, by Matthew Sachs
America Online (AOL) Instant Messenger 4.7.2480 and 4.3.2229.
A Denial of Service (DoS) condition exists in AOL Instant Messenger. An attacker who can send instant messages to a user signed on to the AOL Instant Messenger service can crash that user's AOL Instant Messenger client. The default settings let anyone send instant messages to the user. When an attacker sends a text message of "<!-- " repeatedly (approximately 640 or more times), the instant messenger client crashes. To minimize exposure to this vulnerability, users should restrict the ability to receive instant messages to only the people they select.
The vendor, America Online, has been notified of this vulnerability.
Discovered by Matthew Sachs.