Buffer Overflow in AOL Instant Messenger's screenname parameter of getfile
Forgive me if this has already been posted. I did a search and didn't find anything :p
Quote:
When AOL Instant Messenger (AIM) is installed, it installs the "aim" protocol handler. This protocol allows AIM to be loaded by arbitrary web pages by including an "aim:operation?parameter".
One of the operations is named "getfile". This operation takes a parameter named "screenname". The "getfile" operation is used to retrieve a file from another user. When the operation is invoked, the user is warned about retrieving files. If the user clicks "OK" the file is normally sent to the requesting user. The warning dialog can be disabled by choosing "Don't ask me again!".
A buffer overflow exists in the "screenname" parameter. The overflow allows an attacker to take control of EIP. The overflow allows arbitrary execution on the victim's machine.
Advisory: Digital Pranksters
enjoy.
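
A defensive check for the issue quoted above, added here as an example (it is not part of the post or the advisory): it scans page markup for `aim:getfile` links and flags any whose decoded `screenname` value is longer than a real screen name would be. The `aim:getfile?screenname=<value>` form is inferred from the advisory's description, the 16-character cutoff is an assumption, and `flag_aim_getfile` is a hypothetical name.

```python
import re
from html import unescape
from urllib.parse import parse_qsl

# Assumption: legitimate AIM screen names are short; 16 is the cutoff used here.
MAX_SCREENNAME = 16

# Matches aim:<operation>?<query> inside markup, up to a closing quote or tag.
AIM_URI = re.compile(r"""\baim:([a-z]+)\?([^"'\s<>]*)""", re.IGNORECASE)


def flag_aim_getfile(page, limit=MAX_SCREENNAME):
    """Return (offset, decoded_length) for each getfile link whose
    screenname parameter is longer than `limit` after decoding."""
    findings = []
    for m in AIM_URI.finditer(page):
        if m.group(1).lower() != "getfile":
            continue
        # Undo HTML entity encoding, then percent-decoding. latin-1 maps each
        # decoded byte to one character, so len() counts decoded bytes.
        pairs = parse_qsl(unescape(m.group(2)),
                          keep_blank_values=True, encoding="latin-1")
        for name, value in pairs:
            if name.lower() == "screenname" and len(value) > limit:
                findings.append((m.start(), len(value)))
    return findings


# Constructed sample markup (not taken from any real page).
SAMPLE = (
    '<a href="aim:goim?screenname=buddy123">chat</a>\n'
    '<a href="aim:getfile?screenname=buddy123">files</a>\n'
    '<a href="aim:GetFile?screenname=' + "%41" * 400 + '">files</a>\n'
)

if __name__ == "__main__":
    for offset, length in flag_aim_getfile(SAMPLE):
        print(f"offset {offset}: getfile screenname is {length} bytes")
```

The same check fits a mail or web proxy filter; removing the `aim` protocol handler registration is the mitigation that does not depend on inspecting content.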