Subject: Re: AIM 3.0 Buffer Overflow exploit
From: Jamal Hendershot (science BCITY.EFINGHAM.K12.IL.US)
Date: Sun Mar 19 2000 - 13:55:32 CST

Here's a list of versions reported to be affected by this bug, which was
sent to Bugtraq two weeks ago:
2.5.1366
2.5.1598
3.0.1470
3.5.1635
3.5.1670
3.5.1808
> -----Original Message-----
> From: VULN-DEV List [mailto:VULN-DEV SECURITYFOCUS.COM] On Behalf Of lewkir YAHOO.COM
> Sent: Friday, March 17, 2000 12:33 PM
> To: VULN-DEV SECURITYFOCUS.COM
> Subject: AIM 3.0 Buffer Overflow exploit
>
>
> Don't know much about it except that it's perhaps sending an
> invalid ascii or unicode character, but if you send "̂"
> (no quotes) to a remote user, it will crash their AIM
> session, and possibly their computer.
>
> This bug does not exist in 3.5, and if you download 3.0
> today, AOL has fixed this hole w/o telling anyone about it
> (i.e. if you downloaded 3.0 in the not recent past, you will
> be vulnerable).
>
> If the "attacker" is running the unpatched AIM, it will
> crash his/her computer as well.
>
> gAIM doesn't have this vulnerability.