SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   AOL Instant Messenger Vendors:   America Online, Inc.
(Additional Details Are Provided) Re: AOL Instant Messenger (AIM) Buffer Overflow Lets Remote Users Execute Arbitrary Code and Gain Full Control of the AIM User's Computer
SecurityTracker Alert ID:  1003091
SecurityTracker URL:  http://securitytracker.com/id/1003091
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 2 2002
Impact:   Execution of arbitrary code via network, Root access via network, User access via network

Version(s): stable (4.7.2480) and beta (4.8.2616) Windows versions; prior versions as far back as 4.3 (and possibly earlier versions)
Description:   A buffer overflow vulnerability was reported in the AOL Instant Messenger (AIM) client software for Microsoft Windows operating systems. A remote user can execute arbitrary code on the AIM user's computer and may be able to obtain full control of the computer.

It is reported that the flaw is due to an overflow in the code that parses a game request, apparently in the parsing of TLV type 0x2711.

The vendor has reportedly been notified.

Demonstration exploit code is available at:

http://www.w00w00.org/files/w00aimexp/

This flaw was also reported by Robbie Saunders.

Impact:   A remote user can execute arbitrary code on the AIM user's computer. This code will execute with the privileges of the AIM user.
Solution:   No vendor solution was available at the time of this entry.

The author of the original message has provided a temporary workaround:

1. Go to your Preferences
2. Go to the Privacy section
3. Click "Allow only users on my Buddy List" under "who can contact me"

This will reportedly disable the vulnerability because you will appear signed off to anyone not on your buddy list.

Vendor URL:  www.aol.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jan 2 2002 AOL Instant Messenger (AIM) Buffer Overflow Lets Remote Users Execute Arbitrary Code and Gain Full Control of the AIM User's Computer



 Source Message Contents

Subject:  AIM addendum


Before I get too many more questions about these issues, let me clarify a
few things:

1. This vulnerable affects all AIM versions as far back as 4.3 (this is
the farthest one back I've checked). I don't know if it affects the inline
AIM used with Netscape. If it supports game requests, probably. Otherwise,
it won't.

2. A temporary solution to this vulnerability is:
   1. Go to your Preferences
   2. Go to the Privacy section
   3. Click "Allow only users on my Buddy List" under "who can contact me"

This will disable the vulnerability because you will appear signed off to
anyone not in your buddy 3.

3. The libfaim I used is the latest available from
http://jgo.local.net/libfaim. Look at the Makefile in
http://www.w00w00.org/files/w00aimexp/Makefile. I didn't find it necessary
to change anything to build. Once libfaim is installed, reference the
libfaim headers files by -I/path/to/headers (probably
/usr/local/include/faim).

============================================================================
Delivery co-sponsored by VeriSign - The Internet Trust Company
============================================================================
FREE E-COMMERCE SECURITY INFRASTRUCTURE GUIDE
When building an e-commerce site, you want to start with a strong, secure
foundation. Learn how with VeriSign's FREE White Paper, "Building an
E-Commerce Trust Infrastructure." See how you can authenticate your site to
customers, use 128-Bit SSL encryption to secure your web servers, and accept
secure payments online. Click here:
http://www.verisign.com/cgi-bin/go.cgi?a=n116965650045000
============================================================================

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC