AOL Instant Messenger Vulnerability
Results 1 to 5 of 5

Thread: AOL Instant Messenger Vulnerability

  1. #1

    AOL Instant Messenger Vulnerability


    AOL Instant Messenger (AIM) has a major security vulnerability in the latest stable (4.7.2480) and beta (4.8.2616) Windows versions. This vulnerability will allow remote penetration of the victim's system without any indication as to who performed the attack. There is no opportunity to refuse the request.

    This does not affect the non-Windows versions, because the non-Windows versions currently do not yet support the feature that this vulnerability occurs in.

    This particular vulnerability results from an overflow in the code that parses a game request. The actual overflow appears to be in the parsing of TLV type 0x2711. This may be more generic and exploitable through other means, but AOL has not released enough information about their protocol for us to be able to determine that.

    AOL Instant Messenger (http://www.aim.com) has over 100 million users.Almost all of these users are Windows users and directly vulnerable to this.

    EXPLOIT

    The exploit, w00aimexp, is too big (1000+ lines) to include here, but it can be downloaded at http://www.w00w00.org/files/w00aimexp.tgz. The files can be viewed online at http://www.w00w00.org/files/w00aimexp/.

    If you want to be inform visit www.xatrix.org security portal

  2. #2
    Senior Member
    Join Date
    Aug 2001
    Location
    Pittsburgh
    Posts
    153

    Post

    I use aim on windows myself and I heard about this the other day. I think this is yet another reason for me to switch to a more secure OS.

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    170

    Arrow

    AOL has created a server-side fix for this, now, though, so you don't have to worry about it any more.
    \"If you torture the data enough, it will confess.\" --Ronald Coase

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    168
    i think it's just related to the aol icq problem. whom, it's more buggy than the last release...
    \"The more you ignore me... the closer i get!\"

  5. #5
    Banned
    Join Date
    Sep 2002
    Posts
    26
    The problem has been fixed since like 6 months ago

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •