January 4th, 2002, 11:37 PM
AOL Instant Messenger Vulnerability
AOL Instant Messenger (AIM) has a major security vulnerability in the latest stable (4.7.2480) and beta (4.8.2616) Windows versions. This vulnerability will allow remote penetration of the victim's system without any indication as to who performed the attack. There is no opportunity to refuse the request.
This does not affect the non-Windows versions, because the non-Windows versions currently do not yet support the feature that this vulnerability occurs in.
This particular vulnerability results from an overflow in the code that parses a game request. The actual overflow appears to be in the parsing of TLV type 0x2711. This may be more generic and exploitable through other means, but AOL has not released enough information about their protocol for us to be able to determine that.
AOL Instant Messenger (http://www.aim.com) has over 100 million users.Almost all of these users are Windows users and directly vulnerable to this.
The exploit, w00aimexp, is too big (1000+ lines) to include here, but it can be downloaded at http://www.w00w00.org/files/w00aimexp.tgz. The files can be viewed online at http://www.w00w00.org/files/w00aimexp/.
If you want to be inform visit www.xatrix.org security portal