This was posted on bugtraq. Thought it was interesting. Also leads me to believe that it will most likely work on any version of aim...
http://www.dotshell.net/aim.swf
Just a question, let's say you have something to send an aim message using a name too long, would this in theory cause the receiver to have a buffer overflow?
And can this really be used in a malicious way?
lol
Quote:
Just a question, let's say you have something to send an aim message using a name too long, would this in theory cause the receiver to have a buffer overflow?
And can this really be used in a malicious way?
I think the only way for that to be exploited would be to force someone else to view your profile through a link but there is no aim: command that has to do with profiles that I know of.
One thing I can think of that would work in theory would be to do
aim:addbuddy?screenname= whatevername
that in theory would work... I think there is also some aim code that allows you to send a message... but I can't remember right now. I know there is one that allows you to change to set someone's away message if they click on the link.
aim:goim
aim:gochat
aim:addbuddy
aim:buddyicon
aim:getfile
are all the ones I know of... None of them have to do with viewing profiles so I don't think it is possible to exploit it remotely even via a link.
hmm... I will have to work on some code for that then. Always a good idea to have some laying around.
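A defensive sketch of the question raised in this thread, added here as an example and not code from any poster or from AOL: a filter that a mail or web gateway could run over aim: links, allowing only the actions listed above and refusing overlong or non-printable parameter values before the link reaches the client. The function name and both length limits are assumptions made for the example.

```python
from urllib.parse import parse_qsl

# Actions listed in the thread; anything else is refused.
ALLOWED_ACTIONS = {"goim", "gochat", "addbuddy", "buddyicon", "getfile"}
# Assumed limits for this example (not from the thread or any AIM documentation).
MAX_SCREENNAME = 16
MAX_PARAM = 256


def check_aim_link(link):
    """Return (ok, reason) for a link before it is handed to the client."""
    scheme, sep, rest = link.strip().partition(":")
    if not sep or scheme.lower() != "aim":
        return False, "not an aim: link"
    action, _, query = rest.partition("?")
    if action.strip("/").lower() not in ALLOWED_ACTIONS:
        return False, "unknown action"
    # parse_qsl percent-decodes, so the checks apply to the decoded value.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
            return False, "non-printable character in " + key
        limit = MAX_SCREENNAME if key.lower() == "screenname" else MAX_PARAM
        # Surrounding spaces are not counted against the limit.
        if len(value.strip(" ")) > limit:
            return False, key + " longer than " + str(limit)
    return True, "ok"


# Constructed sample links, not taken from real traffic.
SAMPLES = [
    "aim:addbuddy?screenname= whatevername",
    "aim:goim?screenname=" + "A" * 500,
    "aim:goim?screenname=bob&message=hi%00there",
    "aim:viewprofile?screenname=bob",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_aim_link(sample), sample[:60])
```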