SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Instant Messaging/IRC/Chat)  >   AOL Instant Messenger
Vendors:   America Online, Inc.
AOL Instant Messenger (AIM) File Sharing Bug May Let Remote Users Silently Force Downloads
SecurityTracker Alert ID:  1005695
SecurityTracker URL:  http://securitytracker.com/id/1005695
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 25 2002
Impact:   Modification of user information
Exploit Included:  Yes  

Description:   Infested Nexus reported a vulnerability in AOL Instant Messenger (AIM). A remote user can force a target user to silently download a file if file sharing is permitted, even if the target user does not accept the file.

It is reported that a remote user can send an arbitrary file with the name "[screen name].lst" to a target buddy user that has file sharing enabled. The target user's system will reportedly download the file automatically, regardless of whether they accept the download or not.

According to the report, the tests work on Microsoft Windows 9x systems but may not work on Windows NT systems, as Windows NT systems use a "listing.txt" file instead of a ".lst" file.

Impact:   A remote user can force a target user to download a file.
Solution:   No solution was available at the time of this entry.
Vendor URL:  aim.aol.com/
Cause:   State error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  InfestedNexus presents a Major AIM vulnerability



Infested Nexus presents a major AOL flaw! It is possible to send any file to a user
without them knowing if they have the "allow" option on the file sharing section checked.
Please give credit to Infested Nexus for this exploit.

AIM: Infested Nexus

E-mail: InfestedNexus@datathief.cjb.net


1.) Get file list from buddy (USERX.lst)

2.) Rename file that you want to send as USERX.lst

3.) Close connection and then choose send file

accept


*USERX = screen name of the user


During the tests that have been done the recipients of the files have been running
Windows9X - This may not work on NT based systems since
they seem to send a listing.txt file instead of an lst file.


Performed On:

Computer model:  [1x] AuthenticAMD Type 0 Family 6 Model 4 Stepping 2 Brand 0 1208 MHz
Operating system:  Windows XP  (5.1.2600)
Total RAM:  255 MB
Video card:  GEForce2 MX 400 64MB DDRAM
Sound card:  [01] SB Live! Wave Device (emu10k1m.sys)
Internet Provider:  Adelphia
Web browser:  Internet Explorer 6.0.2800.1006.xpclnt_qfe.010827-1803
Other details:  Recipients of hack were running Windows9X


Copyright 2021, SecurityGlobal.net LLC