|
-
February 3rd, 2006, 08:22 PM
#1
aim buffer overflow video
this was posted on bugtraq. thought it was interesting. Also leads me to beleive that it will most likely work on any version of aim...
http://www.dotshell.net/aim.swf
-
February 4th, 2006, 03:53 AM
#2
Junior Member
Just a question, lets say you have something to send a aim message using a name too long, would this in theory cause the receiver to have a buffer overflow?
and can this really be used in a maliciou way?
-
February 4th, 2006, 04:44 AM
#3
Banned
Just a question, lets say you have something to send a aim message using a name too long, would this in theory cause the receiver to have a buffer overflow?
and can this really be used in a maliciou way?
lol
-
February 5th, 2006, 06:48 PM
#4
I think the only way for that to be exploited would be to force someone else to view your profile through a link but there is no aim: command that has to do with profiles that I know of.
-
February 7th, 2006, 06:23 PM
#5
Banned
One thing I can think of that would work in theory would be to do
aim:addbuddy?screenname= whatevername
that in theory would work... I think there is also some aim code that allows you to send a message... but I can't remember right now. I know there is one that allows you to change to set someone's away message if they click on the link.
-
February 7th, 2006, 08:05 PM
#6
aim:goim
aim:gochat
aim:addbuddy
aim:buddyicon
aim:getfile
are all the ones I know of... None of them have to do with viewing profiles so I dont think it is possible to exploit it remotely even via a link.
-
February 7th, 2006, 08:34 PM
#7
Banned
hmm... I will have to work on some code for that then. Always a good idea to have some laying around.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote