Vulnerability Note VU#990451
AOL Instant Messenger vulnerable to DoS via crafted WAV file
AOL Instant Messenger (AIM) is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim.
AIM allows users to send audio files to one another. By sending a corrupt WAV formatted file, an attacker can cause the victims client to crash.
By repeatedly sending this message with the file attached, a continued denial of service can be caused.
Upgrade your client. This has been fixed in version 4.8.2540 beta.
AIM permits the user to only accept messages from known/trusted peers. Enable this feature.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|AOL Time Warner||Affected||17 Oct 2001||14 Jan 2002|
CVSS Metrics (Learn More)
This vulnerability was discovered by Robbie Saunders.
This document was written by Jason Rafail.
- CVE IDs: Unknown
- Date Public: 06 Oct 2001
- Date First Published: 14 Jan 2002
- Date Last Updated: 14 Jan 2002
- Severity Metric: 8.51
- Document Revision: 8
If you have feedback, comments, or additional information about this vulnerability, please send us email.