SecurityTracker.com
SecurityTracker Archives

Category: Application (Generic) > AOL Instant Messenger
Vendors: America Online, Inc.
(AOL Issues Server-Side Fix) Re: AOL Instant Messenger (AIM) Buffer Overflow Lets Remote Users Execute Arbitrary Code and Gain Full Control of the AIM User's Computer
SecurityTracker Alert ID: 1003100
SecurityTracker URL: http://securitytracker.com/id/1003100
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jan 3 2002
Impact: Execution of arbitrary code via network, Root access via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): stable (4.7.2480) and beta (4.8.2616) Windows versions
Description:   A buffer overflow vulnerability was reported in the AOL Instant Messenger (AIM) client software for Microsoft Windows operating systems. A remote user can execute arbitrary code on the AIM user's computer and may be able to obtain full control of the computer.

It is reported that the flaw is due to an overflow in the code that parses a game request, apparently in the parsing of TLV type 0x2711.
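
The length validation that a boundary error of this kind omits, shown as an added example (not AOL's code and not part of the advisory): a TLV walker that checks each declared length against both the remaining packet and the destination buffer before copying. It assumes 2-byte big-endian type and length fields; the 64-byte buffer, the function names and the sample packets are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLV_GAME_REQUEST 0x2711u /* TLV type named in the advisory */
#define GAME_BUF_MAX 64u         /* hypothetical size of the fixed destination buffer */
static uint8_t game_buf[GAME_BUF_MAX];
/* Assumed layout: 2-byte big-endian type, 2-byte big-endian length, then the value. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Copy the value of the first TLV of type `want` into out[cap]. Returns the value
 * length, -1 for a malformed chain, -2 if the value does not fit, -3 if absent. */
int tlv_extract(const uint8_t *buf, size_t len, uint16_t want, uint8_t *out, size_t cap)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 4) return -1;     /* truncated type/length header */
        uint16_t type = be16(buf + off);
        uint16_t vlen = be16(buf + off + 2);
        off += 4;
        if (vlen > len - off) return -1;  /* declared length runs past the packet */
        if (type == want) {
            if (vlen > cap) return -2;    /* reject rather than overflow or truncate */
            memcpy(out, buf + off, vlen);
            return (int)vlen;
        }
        off += vlen;
    }
    return -3;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t ok_pkt[] = {0x00, 0x01, 0x00, 0x02, 'h', 'i',
                                 0x27, 0x11, 0x00, 0x04, 'g', 'a', 'm', 'e'};
static const uint8_t lying_pkt[] = {0x27, 0x11, 0x01, 0x00, 'a', 'b', 'c'};
/* Well-formed TLV 0x2711 whose 80-byte value is larger than GAME_BUF_MAX. */
int extract_oversized(void)
{
    uint8_t pkt[4 + 80] = {0x27, 0x11, 0x00, 0x50};
    return tlv_extract(pkt, sizeof pkt, TLV_GAME_REQUEST, game_buf, sizeof game_buf);
}

int main(void)
{
    int ok = tlv_extract(ok_pkt, sizeof ok_pkt, TLV_GAME_REQUEST, game_buf, sizeof game_buf);
    int bad = tlv_extract(lying_pkt, sizeof lying_pkt, TLV_GAME_REQUEST, game_buf, sizeof game_buf);
    printf("ok=%d lying=%d oversized=%d\n", ok, bad, extract_oversized());
    return 0;
}
```

The oversized case is rejected outright instead of being truncated, so a caller never processes a partially copied request.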

The vendor has reportedly been notified.

Demonstration exploit code is available at:

http://www.w00w00.org/files/w00aimexp/

This flaw was also reported by Robbie Saunders.

Impact:   A remote user can execute arbitrary code on the AIM user's computer. This code will execute with the privileges of the AIM user.
Solution:   According to news reports, AOL has issued a fix. The fix is reportedly implemented on the server, so no updated client software is necessary.
Vendor URL: www.aol.com/
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jan 2 2002 AOL Instant Messenger (AIM) Buffer Overflow Lets Remote Users Execute Arbitrary Code and Gain Full Control of the AIM User's Computer



 Source Message Contents

Subject:  AOL Instant Messenger Fix


http://dailynews.yahoo.com/h/nf/20020103/tc/15588_1.html

Thursday January 03 01:24 PM EST 

"AOL Claims Fix for Instant Messenger Security Flaw"


 
 

