|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: AIM 3.0 Buffer Overflow exploit
From: - - (mowse
MOWSE.NE.MEDIAONE.NET)Date: Tue Mar 21 2000 - 23:44:24 CST
- Next message: Ex Machina: "Re: spoofing the ethernet address"
- Previous message: Pierre Landau: "Re: spoofing the ethernet address"
- In reply to: lewkirYAHOO.COM: "AIM 3.0 Buffer Overflow exploit"
- Reply: - -: "Re: AIM 3.0 Buffer Overflow exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://www.ozemail.com.au/~geoffch/security/aim/preliminary.
htm
Don't know much about it except that it's perhaps sending an
invalid ascii or unicode character, but if you send "̂"
(no quotes) to a remote user, it will crash their AIM
session, and possibly their computer.
This bug does not exist in 3.5, and if you download 3.0
today, AOL has fixed this hole w/o telling anyone about it
(i.e. if you downloaded 3.0 in the not recent past, you will
be vulnerable).
If the "attacker" is running the unpatched AIM, it will
crash his/her computer as well.
gAIM doesn't have this vulnerability.
- Next message: Ex Machina: "Re: spoofing the ethernet address"
- Previous message: Pierre Landau: "Re: spoofing the ethernet address"
- In reply to: lewkirYAHOO.COM: "AIM 3.0 Buffer Overflow exploit"
- Reply: - -: "Re: AIM 3.0 Buffer Overflow exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]