CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#990451

AOL Instant Messenger vulnerable to DoS via crafted WAV file

Overview

AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim.

I. Description

AIM allows users to send audio files to one another. By sending a corrupt WAV formatted file, an attacker can cause the victims client to crash.

II. Impact

By repeatedly sending this message with the file attached, a continued denial of service can be caused.

III. Solution

Upgrade your client. This has been fixed in version 4.8.2540 beta.

AIM permits the user to only accept messages from known/trusted peers. Enable this feature.

Systems Affected

VendorStatusDate Updated
AOL Time WarnerVulnerable14-Jan-2002

References


http://www.ssnbc.com/wiz/

Credit

This vulnerability was discovered by Robbie Saunders.

This document was written by Jason Rafail.

Other Information

Date Public10/06/2001
Date First Published01/14/2002 01:20:35 PM
Date Last Updated01/14/2002
CERT Advisory 
CVE Name 
Metric8.51
Document Revision8

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2002 Carnegie Mellon University