|
|
|
 |
Vulnerability Note VU#683765AOL Instant Messenger vulnerable to denial of service via crafted file nameOverviewAOL Instant Messenger (AIM) 4.1 and prior are vulnerable to a denial of service vulnerability. A denial of service occurs when filenames that contain a "%s" are sent to a victim.I. DescriptionAOL Instant Messenger (AIM) is a program for communicating with other users over the Internet. AIM permits users to transfer files from one client to another. Versions 4.1 and prior contained a fromat string vulnerability that made it possible to cause a denial of service to the recipient of a file, when the file transferred contained a "%s" in the name.II. ImpactAn attacker can crash the victim's client causing a denial of service. Note that this vulnerability is consistant with a format string vulnerability and there may be the potential to exploit this vulnerability to execute arbitrary code.III. SolutionUpgrade to a version later than 4.1.Systems Affected
References
Our thanks to Adam Spun <spunone@fazed.net>, who discovered this vulnerability. This document was written by Jason Rafail.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader